Join The Community Sign Up For Club Zenatta

Article Read Time:

3 Min

Search
Search

Subcribe To Our Channels:

Train Your Entire Team
With Our Zoho Team Training:

Check Out Our
Zoho Marketplace Extensions:

Join Our FREE
Zoho Community:

How To Configure DMARC for Zoho CRM

You may have noticed this past week that if you didn’t have DMARC configured, your latest bulk email you tried to send out of Zoho CRM was denied. This is because DMARC for Zoho CRM is now mandatory for sending bulk emails. SPF and DKIM are no longer sufficient. Implementing DMARC ensures better email deliverability and security. Below is a quick breakdown of SPF, DKIM, and DMARC along with everything you need to know to resolve this issue within Zoho CRM.

What Are SPF and DKIM?

SPF (Sender Policy Framework): SPF verifies that an email comes from an authorized server. It checks if the sender’s IP is listed in the domain’s SPF record.

DKIM (DomainKeys Identified Mail): DKIM adds a digital signature to the email header. This signature verifies the message’s integrity and confirms that it hasn’t been tampered with.

While SPF and DKIM validate sender authenticity, they don’t cover reporting or provide actionable policies. This is where DMARC steps in.

Breakdown of DMARC

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is crucial for email security and deliverability. It builds on SPF and DKIM, adding enforcement policies and reporting mechanisms. Here’s a detailed breakdown of the settings and formatting you can choose from when configuring DMARC for Zoho CRM.

1. DMARC Version

  • v=DMARC1: This is the mandatory tag that specifies the version of DMARC being used. Always start your DMARC record with this tag.Example: v=DMARC1

2. Policy (p)

The policy tag dictates how receiving servers should handle emails that fail DMARC checks.

  • none: Monitor emails but take no action. Ideal for testing and monitoring.
  • quarantine: Mark failing emails as suspicious and send them to the spam/junk folder.
  • reject: Block emails that fail DMARC checks.Example: p=quarantine

3. Subdomain Policy (sp)

This tag allows you to specify a different DMARC policy for subdomains.

  • none: No action taken for emails from subdomains.
  • quarantine: Mark failing emails from subdomains as suspicious.
  • reject: Reject emails from subdomains that fail DMARC checks.Example: sp=reject

4. Reporting Addresses

DMARC allows you to receive reports on how your domain’s emails are being handled. There are two types of reports: aggregate (rua) and forensic (ruf).

  • Aggregate Reports (rua): Provides a summary of email authentication results.
    • Format: rua=mailto:your-email@yourdomain.com
    Example: rua=mailto:dmarc-reports@yourdomain.com
  • Forensic Reports (ruf): Provides detailed reports for each email that fails DMARC.
    • Format: ruf=mailto:your-email@yourdomain.com
    Example: ruf=mailto:dmarc-failures@yourdomain.com

5. Alignment Mode (adkim and aspf)

This tag defines how strictly DKIM (adkim) and SPF (aspf) identifiers must match.

  • Strict (s): The domain in the email’s DKIM/SPF must exactly match the domain in the DMARC record.
  • Relaxed (r): The domain in the email’s DKIM/SPF can be a subdomain of the domain in the DMARC record.Example: adkim=s; aspf=r

6. Percentage of Emails to Apply Policy (pct)

The pct tag specifies the percentage of emails to which the DMARC policy should be applied.

  • Range: 1 to 100 (default is 100)Example: pct=50 (applies the policy to 50% of emails)

7. Reporting Options for Forensic Data (fo)

This tag controls the generation of forensic reports.

  • 0: Generate a report if both SPF and DKIM fail (default).
  • 1: Generate a report if either SPF or DKIM fails.
  • d: Generate a report if the DKIM check fails.
  • s: Generate a report if the SPF check fails.Example: fo=1

8. TTL (Time To Live)

The TTL value specifies how long the DMARC record should be cached by DNS servers.

  • Recommended TTL: 3600 seconds (1 hour)

Full Example:

v=DMARC1; p=quarantine; sp=none; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-failures@yourdomain.com; adkim=s; aspf=r; pct=100; fo=1;

The mandatory elements are Version (v) and Policy (p).

How to Add DMARC to Your DNS Settings

Example of a DMARC TXT Record being added to your DNS.
  1. Log in to Your DNS Provider: Access your domain’s DNS management dashboard.
  2. Create a New TXT Record:
    • Host/Name: Enter _dmarc.yourdomain.com.
    • Type: Set this to TXT.
    • Value: Use a format like v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com;.
  3. Set the TTL: Use a TTL of 3600 seconds (1 hour) for flexibility.
  4. Save the Record: Once saved, the DNS will propagate the changes.

Once completed, give it up to 48 hours, but once configured properly, it should go from red to green.

image of DMARC for Zoho CRM being activated in mail deliverability settings inside of Zoho CRM
Example of our DMARC set inside of Zoho CRM.

Setup DMARC for Zoho CRM Today

Still seeing that your DMARC isn’t turned on after completing these steps? It can take up to 48 hours to sync with Zoho CRM. If you are still having errors after that visit Club Zenatta for additional help or drop us a line and learn how Zenatta can help you with your Zoho instance as your Zoho Partner.

Billy Bates

Senior Web Developer

Billy is a Wordpress Developer with an eye for design. His knowledge will help our company website and client sites meet their goals. Billy and his young family have just moved to Ashland Oregon, and are looking forward to exploring the area’s amazing beer, wine, and food. He also has a passion for synthesizers and drum machines.

Lucas Sant'Anna

Consultant

With a background in Operations Research and Data Analysis, Lucas is a Brazilian programmer that likes to get stuff done quickly and reliably. In previous jobs, he implemented industrial job scheduling, fleet management and detailed long-haul route optimization – among other data-driven processes – to reach objectives of increased profit and reduced wasted resources. His goal is to make Zoho fully automated and with more meaningful data for spot-on decisions.

.

.