Skip to content

Note

"DMARC Monitor" is a function for Pro pran. To use this function, please subscribe to the Pro plan.
The free provision of "DMARC Monitor" to new CMC customers has ended.

Configure CMC DMARC Monitor

CMC DMARC Monitor is a service that receives and visualizes DMARC reports from ISPs.

With respect to a corporate domain, there may be multiple systems using this domain to send email. There is a risk of authentication errors in mail delivery because some systems do not support sending domain authentication, or DKIM or SPF are not properly published.

With the CMC DMARC Monitor, you can easily detect mail servers that do not support DMARC outbound domain authentication from the DMARC reports you receive. It can also determine if it can declare "quarantine" or "reject" in its DMARC policy.

In addition, the IP address and WHOIS information of unauthrized servers sending mail spoofing can be easily viewed. Thus, the occurrence of spoofed mails can be detected and properly handled.

Activate CMC DMARC Monitor

  1. Log into management console and click Customers Mail Cloud▼ on top left side of the window.

  2. Click the Start DMARC (DMARCをはじめる) button.

    dashboard

Register DMARC record

Generate DMARC record

  1. Log into management console and click the DMARC settings tab.

  2. Click the Generate the DMARC record button.

    input DMARC policy

  3. Enter items below:

    Item Description
    Sender domain Enter the sender domain for which you want to declare a DMARC policy.
    DMARC parameter p Select the policy for how you want to handle with emails that fail DKIM and SPF authentication.
    - none
    - quarantine
    - reject
    pct Enter the percentage of mail to be processed by DMARC.
    Default value is "100".
    adkim Select the DKIM coverage.
    - relaxed: authentication succeeds even if the domain in the header From is a subdomain of the DKIM domain.
    - strict: the header From and DKIM domain must be the same.
    aspf Select the SPF coverage.
    - relaxed: authentication succeeds even if the domain of the envelope From is a subdomain of the header From.
    - strict: the domains of the envelope From and header From must be the same.

  4. Click the Generate button. DMARC record is generated.

    generate DMARC record

Publish DMARC record

Publish the DMARC record generated in the management console to the DNS that manages the sending domain.

Here is an example configuration with Amazon Route53.

Route53 DMARC record

Item Description
Name enter "_dmarc"
Type specify "TXT"
Value enter the record value which is displayed in the dialogue of DMARC settings

Confirm DMARC record

After the DMARC record is registered into DNS, click the Confirm DNS button. If the DMARC record is successfully referenced from the DNS, the status is set to "DNS-Registered".

Note

If you have to confirm DNS validation at a later date, due to the time needed to complete the registration of records to the DNS, do the following.

  1. Log into management console and click the DMARC settings tab.
  2. Choose the sending domain name that you want to confirm.
  3. Click the Confirm DNS button.

Update DMARC redord

If you need to change DMARC policy or something, you can update DMARC record in configure dialogue.

  1. Log into management console and click the DMARC settings tab.

  2. Click the sender domain name that you want to change.

    DMARC record dialogue

  3. Click the Update button in the dialouge of DMARC record settings.

    DMARC record update

  4. You can change items except "sending domain". After changing, click the Update button.

  5. DMARC record is updated. The current record already published to the DNS needs to be changed to the new record value.

    DMARC record re-generated

Delete DMARC record

If you want to stop receiving DMARC report to CMC DMARC Monitor, you need to delete "sender domain" registered at DMARC settings tab.

  1. Log into management console and click the DMARC settings tab.

  2. Choose the sender domain name that you want to delete and click Del button.

    remove DMARC record

  3. Enter your login password in the confirmation dialouge and click delete button. After that this DMARC config on the CMC DMARC Monitor is deleted.

  4. Delete the DMARC record that is still published on the DNS.

Warning

If the DMARC record generated at CMC is still published in the DNS, the DMARC report will continue to be sent to the CMC DMARC Monitor even if the sender domain at CMC config is deleted.

Please make sure to delete the DMARC record published in the DNS, or at least change the reporting destination ("rua" parameter).