Thank you to everyone who attended our DIY vs. automated DMARC webinar! We received a lot of great questions, but we were only able to answer some of them live. In this blog post, we’ll answer the questions that we didn’t get to!
In case you missed our webinar, we discussed the differences between DIY vs. automated DMARC. There are many pitfalls and challenges associated with trying to get to DMARC enforcement on your own, and we covered how automated DMARC can help you avoid these challenges.
If you’re interested in viewing the whole webinar, watch it here:
You can also read on to find the answer to some of the questions that we received.
How do I use RUF, RUA, and SMTP TLS reports?
An aggregate report (RUA) and a forensic report (RUF) are important for DMARC.
The RUA reports are the most important; you can find important information on your DMARC, DKIM, and SPF statuses. In the RUA report, you’ll be able to find important information, like:
- The domain
- Report’s date and time range
- Type of DMARC policy
- Authentication information
- IP addresses
The RUF reports contain more data that may be sensitive, so healthcare, government, and financial industries may want to avoid enabling this type of reporting. We recommend only using RUA reports.
SMTP TLS reports come from the Internet and warn you of any connection issues your servers might experience when connected to your email system. These reports allow you visibility into any expired certificates, unresponsive servers, mismatched certificates, and TLS connections.
Does DMARC require me to establish an MX record and/or domain?
The mail exchange (MX) record is located in the Domain Name System (DNS). This record lists what mail server that accepts email messages on behalf of the domain name.
To add a DMARC record, you’ll need to own the domain. Once you own the domain, you’ll need to add the DMARC record in your DNS, so technically, you should have an MX record.
However, if you’re using Valimail Monitor, all you need to do is create a DMARC record and point that to Valimail.
Does BIMI work without a Verified Mark Certificate (VMC)?
Currently, you do need to have a VMC for BIMI to work.
In addition to a VMC, you’ll also need to ensure your brand’s domain is at DMARC enforcement. Your DMARC policy must be at either “p=quarantine” or “p=reject.” A policy of “p=none” will not be enough to satisfy BIMI standards.
Lastly, you need to maintain your domain’s BIMI record in your DNS.
Can I track down the contents or subject line of an email that DMARC blocked?
If your DMARC policy is set to p=reject, you won’t be able to see your email’s contents or subject line. This is due to personal identifiable information (PII) privacy concerns.
However, if you want to learn more about this, contact our sales team.
Should an SPF record have IP addresses if you’re only sending from Office 365?
It is better to use Microsoft’s provided include statement and add it to your SPF record. For example, you would use this:
We also highly recommend that you enable DKIM for Office 365. You can find more information on that on our support portal.
My company manages emails for other companies. Should we add them all to the same account or keep them separate?
In most cases, adding all the controlled domains to one account is easier.
However, MSPs may want to have separate accounts for each client.
Start using automated DMARC today
These are only a few questions someone might have while trying to get to DMARC enforcement alone. We know it can be challenging, so we make the process as simple as possible.
Take the first step towards automating your DMARC enforcement by signing up for a free account on Valimail Monitor. On this platform, you’ll see who’s sending mail under your domain’s name and monitor your DMARC enforcement status.
Once you have that visibility, we can help you take the next steps toward DMARC enforcement.