DirectAdmin: Authenticate Domain Mail with DMARC

Purpose of DMARC

This post authenticates domain mail using DMARC for any domain to improve deliverability, visibility, and protection against spoofing and phishing.

DMARC configuration is performed only after mail is confirmed working. It relies on DKIM (and SPF) already being in place.

This focuses on authentication and reporting—not mailbox setup or mail testing.

Scope and Applicability

• Applies to all domains on this server
• Performed first for the Account Domain
• Repeated for each additional domain added later
• Mail flow must already be confirmed functional

Prerequisites

• Mail sending and receiving has been successfully tested, e.g., by its created & configured admin mailbox
• DKIM is enabled and confirmed for the domain
• SPF exists or is implicitly handled by the server

Test if DMARC Record exists

This test if DMARC record already exists. If it does, you don’t need to create a new one.

• Go to https://dmarcly.com/tools/dmarc-checker.
  • Domain: <your domain name>
  • Tap <Check DMARC Record>.

Generate a new DMARC Record in DirectAdmin

If no DMARC record exists, generate one now. This procedure adds a DMARC record to DNS.

DirectAdmin has a built-in DMARC Generator that’s natively a part of adding a DNS record. And it’s an extremely high detailed one.

• From DirectAdmin Control Panel | Admin, go to <Server Manager> | <DNS Administration>.
• Tap on the correct domain from the domains list at the bottom.
• Confirm the “Edit DNS Records for…” shows the correct domain name.
• Click <Add Record> and populate with the following items.
  • Record Type: TXT
  • Name: _dmarc
  • TTL: 3600
  • TXT Record Type: DMARC
  • Domain policy type: Reject
  • Subdomain policy type: Select (choose “same as domain”; the word “Select” will remain)
  • Aggregate Email (RUA): add admin@<domain name>, or leave blank to not receive reports); however, skipping this email address here is not recommended.
  • Forensic Email (RUF): (leave blank)
  • Report Format: (default: “Authentication Failure Reporting Format”)
  • Reporting Interval: 86400 (default is 24 hours = 86400)
  • Percentage: 100 (default = 100)
  • Alignment mode for DKIM: Relaxed (default = Relaxed)
  • Alignment mode for SPF: Relaxed (default = Relaxed)
  • Value: (automatically generated, based on above selections; however, can now be manually changed if desired).
• Click <Add>.

Concluding DMARC Confirmations

• Confirm DMARC record now is found by testing at https://dmarcly.com/tools/dmarc-checker.
• Sometimes, it takes about 3 minutes after adding the DMARC record to DNS to resolve.
• Results might be in red if a single required minimum item is “not found”, e.g., if a scheduled RUA report’s “Aggregate Email” address is not found or if a “domain policy type” is not assigned, the results will be in red.
• Typically, the result will include having at least 1 item “DMARC record found”.

Next Steps

Depending on what brought you here, you can easily return to that exact area on the page. Just, click any of these specific areas or checklist sections you recognize that led you here.

• Complete Setup Guide: Return to section “Configure Admin Mail for any Domain” and continue after Authenticate Domain Mail with DMARC for a domain.