Skip to content

Regarding the Use of CMC Domain Protection

To use CMC Domain Protection, purchasing the CMC Domain Protection plan is required.

DMARC Settings

In DMARC settings, you can generate a DMARC record to publish your DMARC policy.

When configuring DMARC for the first time, you first need to generate a DMARC record and publish it to your DNS. A DMARC record provides information to recipients (such as ISPs) about how to handle emails when authentication of the sending domain fails. You can easily generate a DMARC record using CMC Domain Protection.

Register your DMARC record

Getting Started with CMC Domain Protection

  1. Log in to the management console, click "Customers Mail Cloud▼" in the upper left corner of the screen, and switch to the "CMC Domain Protection" screen. Alternatively, access the CMC Domain Protection Management Console.

  2. Log in to CMC Domain Protection using the account and password set in Customers Mail Cloud. The privileges, two-factor authentication settings, and operation authority settings configured in Customers Mail Cloud are inherited. (CMC Domain Protection is available to all user roles; however, Report Viewer and Accountant cannot register, edit, or delete DMARC settings.)

    dashboard

When Operating Sending Domains with Subdomains

If you are using a subdomain such as subdomain.hennge.com as your sending domain, the same DMARC policy will be inherited by the subdomain if DMARC is configured for the organizational domain of this domain, hennge.com.

To configure a DMARC policy individually for a subdomain, please register a DMARC record according to the method below.

Generate a DMARC record

You can generate a DMARC record by entering the domain and policies for operating DMARC.

  1. Click the "DMARC Settings" tab.

  2. Click the "Generate DMARC Record" button.

  3. Enter the domain for which you want to generate a DMARC record and click the "Next" button.

    input DMARC policy

  4. Enter the following items:

    Note

    The current DMARC record value published on the DNS will be retrieved and displayed. If a DMARC record is not published, default values will be specified.

    generate DMARC record

    project explanation
    DMARC domain This displays the sending domains that declare the DMARC policy you entered on the previous page.
    DMARC Policy (p) Declares a policy on how to handle emails that fail DKIM and SPF authentication.
    Subdomain Policy (sp) The DMARC policy configured for an organizational domain is automatically inherited by subdomains unless a specific policy is defined for the subdomain. However, by using the sp tag, you can configure a DMARC policy for a subdomain that is different from the organizational domain's policy.
    pct Specifies the percentage of emails that fail DMARC authentication that should have the DMARC policy applied. Adjust this percentage if you want to gradually apply a policy other than none.
    adkim Select the scope of DKIM.
    - relaxed In this case, if the DKIM signing domain (the value of the d= tag) and the organizational domain (eTLD+1) of the From header are the same, authentication will be successful.
    - strict In this case, the From header and the DKIM domain must be the same.
    aspf Select the scope of SPF coverage.
    - relaxed In this case, if the Return-Path domain in the SPF authentication and the organizational domain (eTLD+1) in the From header domain are the same, authentication will be successful.
    - strict In this case, the envelope From and header From domains must be the same.
    rua(mailto:) (Optional: Only if additional) Enter the recipient of additional RUA reports in email address format. If there are multiple recipients, enter them separated by commas (,). The RUA for Domain protection will be generated on the next screen.
    ruf(mailto:) (Optional) Enter the recipient of the ruf report in email address format. If there are multiple recipients, enter them separated by commas (,). Since the report email returned by ruf may quote the contents of the delivery email including personal information, from the perspective of personal information protection,Domain Protection ruf reports are not supported.
    fo (Default: 0) Sets the conditions for sending ruf reports when DMARC authentication fails. Multiple conditions can be specified in combination. If you want to investigate authentication failures of either SPF or DKIM, a setting of "1" is recommended.
    rf The format of the failure report is displayed. (Currently only afrf is supported) *Cannot be entered
    ri Displays the interval for sending aggregated reports. (CMC Domain Protection only supports the default (86400 seconds)) *Cannot be entered

  5. Click the "Generate" button to generate your DMARC record.

    generate DMARC record

    Continue publishing your DMARC record to DNS.

About rua parameters

This is the email address that will receive a summary report of the number of emails received and the authentication results for each sending domain and sending IP, sent from the receiving mail server. When you generate a DMARC record in CMC Domain Protection, the email address for receiving and analyzing in Domain Protection is automatically set.

Publish your DMARC record

Publish the DMARC record generated in the management console to the DNS that manages your sending domain.

This section describes an example of configuration using Amazon Route53

Route53 DMARC record

project value
Record Name Enter _dmarc.
Record Type Specify TXT.
Value Enter the record values ​​in the "DMARC Record Settings" dialog.

Note

If you add a new DMARC setting, the arrival of the report email depends on the processing of the destination email server. Therefore, please wait 2-3 days after setting up the new DMARC DNS record.

Modify your DMARC record

If you want to change your DMARC policy, you can regenerate the records from the DMARC settings.

  1. Click the DMARC Settings tab in the admin console.

  2. From the list of sending domains, click the edit button (pencil icon) of the desired domain.

  3. Click the "Update" button in the DMARC Record Settings dialog.

    DMARC record update

  4. You can edit the fields that can be filled in. After editing the fields, click the "Update" button.

    DMARC record re-generated

  5. A DMARC record will be generated with the edited content.

    DMARC record re-generated

  6. Change the DMARC record published in DNS to the new record value.

Remove DMARC records

If you want to stop receiving DMARC reports from CMC Domain Protection, for example if you want to discontinue DMARC operations, you can delete the registered sending domain.

  1. Click the DMARC Settings tab in the admin console.

  2. From the list of sending domains, click the delete button (trash can icon) for the domain.

    remove DMARC record

  3. Enter the string "delete" in the deletion confirmation dialog and click the "Delete" button to delete the sending domain.

  4. Remove any DMARC records published in DNS.

Notice

If the DMARC record is published in DNS, DMARC reports will continue to be sent to CMC Domain Protection even if the sending domain is deleted. Be sure to delete the DMARC record or change the report destination (rua parameter).

Removing a domain from the DMARC settings will not delete past report information.