DMARC is a validation system for incoming emails. It checks that the domain of the From email address matches the domain the message is actually being sent through. If the domains don’t match, the email fails the DMARC check.
Covered in this article:
What is DMARC
How to fix the email failed from DMARC
What is DMARC?
DMARC stands for domain-based message authentication, reporting, and conformance. It is a protocol that uses SPF and DKIM to determine the authenticity of an email, giving domain owners the ability to protect their domain from unauthorized use.
DMARC provides instructions to receiving servers about how to handle incoming mail. To get delivered, messages need to pass DKIM and SPF alignment checks according to the requirements set by the DMARC policy. Messages that do not pass DMARC checks can be rejected, reported back to the domain owner, or placed in the spam folder.
Implementing a DMARC policy on your domain can help protect you from spoofing, limiting your brand’s and recipients' exposure to potentially fraudulent and harmful messages.
How to Fix the Email Failed From DMARC?
Freedomkit email system has two types of sending domains.
1. Shared sending domain:
When you use Freedomkit email systems all your email will be sent through Freedomkit shared domains mg.msgsndr.net and mg.msgsndr.org
Note: DMARC is not required to send emails from the shared domains on the Freedomkit email system.
The error message says:
"The domain in your from address (kate@test.com) has a p=reject DMARC policy. Most inbox providers will reject your messages without a dedicated sending domain configured, resulting in elevated bounces. To avoid elevated bounces, use company emails."
Your actual DMARC record is: v=DMARC1; p=reject"
Here's an example of how to enter a DMARC into your DNS:
Note: To fix the issue, Temporarily change your DMARC record with your DNS to have a p=none policy
The DMARC error message above has a p=reject or p=quarantine. This will prevent emails that fail DMARC to be sent to the Inbox folder. To make sure messages are delivered even if DMARC fails, you will want to change the policy in your DMARC to p=none with your DNS provider. Moving to a more relaxed policy is not recommended so this change should be temporary.
2. Dedicated sending domain
In order to be DMARC compliant, you need to connect a dedicated sending domain to your account that matches the domain in your sender email address (i.e. your from address). For example, if you send an email using kate@test.com as the from-address and test.com is protected by DMARC, your account will need to use a dedicated sending domain like mg.test.com to meet DMARC requirements.