To reduce spam and increase email security, email service providers use an email authentication method named Domain-Based Message Authentication, Reporting & Conformance (DMARC). DMARC tells mailbox providers how to handle email messages from your organization's domain that fail authentication:
Do nothing — Deliver as usual
Quarantine the message — Place the email in the recipient’s spam or junk folder
Reject the message — Don’t deliver the email
Should I Set Up DMARC?
Whether you should set up DMARC depends on your organization’s email configuration:
Personal email service provider — If you use a personal email service provider such as Google, Yahoo, or others, Bloomerang CRM handles DMARC for you. You don't need to set up DMARC.
Custom domain — If your sender address is from your organization’s custom domain, and you email more than 5,000 recipients daily, you must set up DMARC for your domain. This is a technical task, which means you might need help from your IT support provider. We’ll help get you started. For instructions, read Set Up DMARC for Your Custom Domain.
Important: As of February 1, 2024, Google and Yahoo require bulk senders to follow email delivery requirements, which include DMARC. To comply, your organization must add a DMARC record to your domain settings if you email 5,000 or more Google or Yahoo recipients daily and your sender address is from your own domain. Google and Yahoo also have other requirements for bulk senders (SPF, DKIM, and spam rate). Other email service providers might have similar requirements. For detailed information, read Google and Yahoo Requirements for Bulk Senders.
How Does DMARC Work?
DMARC compares the domain name of the sending email server and the domain name in the From address. A strict DMARC policy says that if these domains don’t match, the receiving email server should reject the email. Many free email providers, such as Google and Yahoo, enforce a strict DMARC policy.
DMARC works together with SPF and DKIM, which are additional email authentication methods. When you set up DMARC, DKIM, and SPF, mailbox providers know that Bloomerang CRM, and our email service provider SendGrid, are authorized to send emails on your behalf and the email is legitimate. Email authentication also helps protect your organization and supporters from phishing and spoofing attempts.
Note: Comcast requires the IP address of the sending email server to match the IP address of the domain used in the From address. Bloomerang CRM addresses this requirement by changing the From address to [email protected]. Now the IP addresses match and your email is delivered to Comcast email addresses. You don't need to do anything.
Set Up DMARC for Your Organization's Custom Domain
Wait 48 hours after you add SPF and DKIM records before you add a DMARC record.
Note: These instructions are a general outline to help you get started. Your domain provider might use different names for some settings. Get specific instructions from your domain provider.
To add a DMARC record in your organization's domain settings:
Sign in to your domain provider account.
Open the DNS manager.
Add a new TXT record.
In the Name or Host text box, enter
_dmarcfollowed by your domain name (for example,_dmarc.example.org). Your domain provider might automatically append your domain name.In the Value text box, enter this tag and value:
v=DMARC1;p=none;
We recommendp=none; while you’re testing email delivery after setting up DMARC. This option enables reporting but doesn’t enforce email rejection. To reject emails that fail DMARC, changep=none; top=reject;Save the record.