This service is provided for free from Postmark.
DMARC is a standard that prevents spammers from using your domain to send email without your permission — also known as spoofing. If you are new to email authentication, we recommend first reading about DKIM and SPF. In combination with SPF and DKIM, a DMARC policy in DNS allows you to set rules to reject or quarantine emails from sources you do not know or trust. As part of the DMARC spec, ISPs (Gmail, Yahoo, Microsoft and more) who implement DMARC will also generate reports on sending activity for your domain. For further reading, check out our guide on DMARC.
DMARC is extremely powerful as a tool to stop email spoofing. At the same time, it’s highly complicated and risky to implement. If you set a DMARC policy without knowing all of your email sources (mailboxes, email marketing, CRM, transactional email, server alerts, etc) you could potentially reject legitimate emails. This tool collects reports from ISPs and presents them to you in human-readable emails sent once per week. This will make it much easier to understand and implement DMARC on your domain.
As with most email service providers, Postmark uses a custom domain to collect bounces through the "Return-Path" header in emails. This address resides at the domain pm.mtasv.net. With DMARC, the Return-Path and From address must match the same domain for SPF alignment. This means that ESPs will fail the SPF DMARC alignment. Don’t worry though, DMARC only requires either SPF or DKIM to be aligned. Some ESPs get around this by using a Sender header, but we never liked that option due to the “on behalf of” message that can show up in email clients. In addition, we like our customers to build a reputation on their own domains by using custom DKIM in their DNS. To fully support DMARC when sending emails from Postmark, you can add a custom Return-Path domain for your own domain. This will allow the Return-Path to match the From address, resulting in a passing DMARC alignment for your emails. To learn more, please read our support article on adding a custom Return-Path domain.
It’s quite common for DNS providers to take up to 24 hours to propagate. If this is the case, we will attempt to verify your DMARC DNS record every 30 minutes. Once verification is successful you will receive an email confirming your weekly subscription.
|p||Policy for organizational domain||p=none|
|pct||Percentage of messages subjected to filtering||pct=100|
|rua||Reporting URI of aggregate reports||rua=mailto:firstname.lastname@example.org|
|sp||Policy for subdomains of the organizational domain||sp=none|
|aspf||Alignment mode for SPF||aspf=r|
We provide DMARC reports as a free service. As such, there are certain limitations to the service at the moment to help us keep everything running smoothly: