Search through Certifier's knowledge base to get the answer to your question.

Valeriia
Written by Valeriia

I've received Strict DMARC policy alert. What should I do?

This article explains what DMARC is and why it affects email deliverability.


You may wonder why emails with your certificates bounce back or go to spam. Most likely, your domain has a strict DMARC policy.


What does DMARC stand for? 

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance, which is a technical standard that helps protect email senders and recipients from spam, spoofing, and phishing. 

In simple terms, DMARC helps Internet Service providers to prevent invalid or malicious emails from reaching your Inbox.


What are SPF and DKIM records and why do we need them?

SPF record (Sender Policy Framework) helps to prevent sending fake emails on behalf of your domain. With the help of an SPF record, you publish valid details about IP addresses that can send emails from your domain. Your recipient’s server compares actual details with the one from the SPF record and makes a conclusion whether this email is valid or should go to Spam.

DKIM record (DomainKeys Identified Mail) is also a part of email authentication. It helps to verify whether the email was sent by the legal domain owner. Once you add a DKIM record to the DNS zone of your domain, an additional authentication code is added to your email header. Your recipient’s server looks for the code in the header and forwards emails to Spam if it’s not present.


What is the difference between strict and relaxed DMARC alignment?

By default, domains usually have a relaxed DMARC alignment mode. It means that if your SPF record contains a value for the bare domain “include:yourcompanyexample.com”, relaxed DMARC mode will allow receiving emails from all subdomains attached to it.

For example, from certifier.yourcompanyexample.com.

However, if you have a strict DMARC alignment mode, the lookup will search for an exact subdomain in your SPF record. 

For instance, your DNS record should contain strictly: 

include:certifier.yourcompanyexample.com

How do I prevent my emails from going to Spam?

  • Add MX and TXT records for your domain

It’s required to add MX and TXT records for “mail-certifier” subdomain to ensure deliverability. Please use the following value:

Host: mail-certifier.yourcompanyexample.com
Type: MX 
TTL: standard 
Priority: 10
Value: feedback-smtp.eu-west-1.amazonses.com


Host: mail-certifier.yourcompanyexample.com
Type: TXT 
TTL: standard
Value: “v=spf1 include:amazonses.com ~all”
  • Contact our Support Team

Important: To finish the process, please contact our Support team via chat or email. We will initiate the validation process, and your email should be delivered to the Inbox. 

If you still have some questions, do not hesitate to contact us via chat icon or email us directly: contact@certifier.io

Categories: