DMARC & Sender Email Address

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It is a protocol used to validate the authenticity of an email message by verifying the sender's identity. It is an important security measure that helps protect the reputation of a domain and its associated email messages. It is important to ensure that the DMARC configuration is set up correctly for all sender email addresses.

πŸ“˜

For sending with OneSignal mail only

DMARC configuration only applies to OneSignal mail. If sending through an ESP like, Mailgun, Mailchimp, or SendGrid. You are responsible for ensuring your sender email address matches the domain configured in your ESP.

DMARC Settings

🚧

Google requires that your domain has DMARC authentication set up to ensure email security for bulk sending. Please take the necessary steps to implement DMARC for your domain. Email Sender Guidelines

Setting up DMARC (Domain-based Message Authentication, Reporting, and Conformance) for your subdomain is enhances email security and protects your organization's reputation.

Implementing DMARC establishes an email authentication framework that helps prevent email spoofing and phishing attacks, as it allows you to specify which email servers are authorized to send emails on behalf of your subdomain.

Setting up DMARC for your subdomain is a proactive measure to improve email security, build trust with your audience, and maintain your brand's integrity. See our What Is DNS Authentication to learn more.

DMARC Policy Setting

In DMARC (Domain-based Message Authentication, Reporting, and Conformance), the "p" (policy) tag is used to specify how email receivers should handle messages that fail DMARC authentication. The "p" tag can have various values to set different policies. Here's how you can set the "p" tag:

p=none" (Monitoring Mode):

This is the most permissive option. It instructs email receivers to not take any action against email messages that fail DMARC authentication.
It is commonly used when initially implementing DMARC to gather reports on email authentication failures without impacting email delivery.

"p=quarantine" (Quarantine Mode):

In this mode, email receivers may choose to treat emails that fail DMARC authentication as suspicious. Some receivers may quarantine these emails, which means they might be delivered to the recipient's spam or quarantine folder.
It is a middle-ground option, providing some protection against phishing and spoofing while allowing for email delivery.

"p=reject" (Reject Mode):

This is the strictest policy setting. Email receivers should reject or discard email messages that fail DMARC authentication, preventing them from reaching the recipient's inbox.
It provides the highest level of protection against phishing and email spoofing but should be used with caution to avoid blocking legitimate emails.

Learn how to configure DMARC for your domain or subdomain

DMARC Alerts

If you see the warning in OneSignal, this means that you have a "p=reject" or "p=quarantine' flag configured on the sender email address provided. You won't be able to send the email from the provided address with either configuration.

How to Resolve

To resume sending, you have 3 options:

  1. Choose a different sender email address. You can pick a sender address that does not have any DMARC configuration.
  2. Authenticate your sending domain. Setup a Custom Sender Domain to ensure that the root of the domain you configure matches your sending email address.
    For example, you can configure mail.example.com as your sending domain. And send emails from [email protected].
  3. Update the DMARC config for your sender email address. To do this, open the DMARC settings in your DNS configuration and change the p flag from "p=reject" or "p=quarantine" to "p=none".