How to Set Up a DMARC Record for Office 365

Did you know that…

Without a DMARC record set up, criminals can send emails as if they were coming from your domain?

A well-configured DMARC record prevents this.

Oh, and it can also increase your open rates by 10%!

Follow the guide below to set up DMARC for Office 365.

Microsoft Office 365 logo

DMARC - Why You Should Care

In an ideal world, no DMARC records would be necessary.

Unfortunately, shady folks can make it seem that email was sent from your domain when it really wasn’t.

Through a DMARC record, email servers can verify if an email really came from the domain it says it comes from. If not, the email can be redirected to the spam folder or not get delivered at all.

Note: From February 2024 onwards, senders who send more than 5,000 daily emails to Google and Yahoo accounts must have an active DMARC policy.

Now that you recognize the significance of implementing a DMARC record, let’s configure one together.

💡Make sure to set up your SPF and DKIM records before your DMARC record. Before enabling DMARC, you need to have had a record of successful SPF and DKIM authentication for at least 48 hours.

1. Prepare Your DMARC Record for Office 365

Let’s first see what a DMARC record actually looks like:

👉 v=DMARC1; p=none; rua=mailto:youremail@yourdomain.com

Yes, at first sight, it may seem complicated. But the DMARC record consists of distinct components that are pretty straightforward once you know what they mean.

A DMARC record consists of three key elements: the “V” - the “P” - and the RUA. 👇

  1. ➡️ The “V” simply means version, and since there’s currently only one valid version of DMARC, it’s always the same.
  2. ➡️ The “P” means policy, and it tells email servers what to do with an email if it fails authentication. The “P” can be set to one of three options: 1: “None” - In this case email servers do nothing when an email fails authentication. So, there’s no protection against unauthorized emails. Useless? Not quite! This is the setting you want in the first few weeks so you can monitor the reports you will be sent and make necessary adjustments. 2: “Quarantine” - Sends emails that fail authentication to the spam folder. 3: “Reject” - Emails that fail authentication do not get delivered at all. Use this option only when the DMARC reports are on point.
  3. ➡️ The “RUA” tag lets you specify an email address where you want the DMARC reports sent.

2. Go to Your Domain Provider’s DNS Settings Page

Even though you’re setting up the DMARC record for your Office 365 account, you can only actually add your DMARC to your domain provider (or hosting company) — for example, GoDaddy or Namecheap.

Once logged in there, look for the DNS settings page. It could also be called “DNS management,” “name server management,” or similar.

Ask your domain provider if you can’t find it.

3. Add DMARC to Your Domain’s DNS Records

The first thing you should see is a list of other DNS records already there. Don’t worry about them unless there’s already a DMARC there, in which case, consider replacing it with the new one.

With that out-of-the-way, look for a button called “Add a new record,” or similar, and click on it.

Now select the type of record you want to add. It should be a TXT(text) record.

Next up is the Host field. Here, write or copy and paste the value ‘_DMARC’. Typically, your domain will be automatically added after this value by your domain provider.

Form to add a DNS record to a domain

In the Value/Target field, you have to actually add the DMARC record you created earlier. Make sure to add your own email address:

👉 v=DMARC1; p=none; rua=mailto:youremail@yourdomain.com

Click save, and you’re done!

Or maybe not….

4. Verify Your DMARC Record

We wish that after setting up a DMARC record, it would instantly be active.

Unfortunately, that’s not how things work with DNS changes. It can take up to 48 hours for the DNS to update.

The good news is that it usually activates much sooner than that.

You can use a DMARC checker to validate your DMARC record.

We recommend lemwarm’s DNS Checks feature. It lets you know if your domain authentication records are in order.

Screenshot of lemwarm DNS checks feature

We developed lemwarm to keep your emails out of the spam folder.

Other Technical Settings to Complete

If everything went well, you should now have your DMARC record set up for your Office 365 account.

Don’t forget there are other technical things to set up, such as your SPF records, DKIM records, MX records, and a Custom Tracking Domain. The first three need to be set up before your DMARC record!

Additionally, if you have a new email or domain, you must warm it up first. If you don’t warm it up, your emails may land in the spam folder. Email Service Providers don’t like it when you start sending 100s of emails seemingly out of the blue.

lemwarm, voted as the best email warm-up service in a Reddit poll, can help you warm up your email on autopilot. As a bonus, it facilitates setting up your technical configuration through its DNS Checks feature and comprehensive support documentation.

It takes 3 minutes to avoid spam forever

Discover how to apply these tips on lemwarm and avoid spam forever.