How to Set Up a DMARC Record in OVH - Step-by-Step Guide

If you want better open rates and prevent criminals from launching phishing attacks from your domain…

Then, setting up a DMARC is of the utmost importance.

This post provides a step-by-step guide on configuring a DMARC record for your OVH account.

What a DMARC Record Is 🤷‍♂️

A DMARC record instructs email servers on what to do if an email fails authentication.

An email fails authentication when the sender's domain isn't verified as legitimate by DMARC's authentication mechanisms like SPF and DKIM.

Without DMARC, bad guys could pretend to be sending emails from your domain, which could result in all kinds of cybercrimes, like phishing attacks.

With a well-configured DMARC record, only legitimate senders can send from your domain.

Note: DMARC depends on SPF and DKIM for its authentication. Set up these records first. You must have had a record of successful authentication for these protocols for at least 48 hours before activating DMARC.

Step 1: Prepare Your DMARC Record 📝

First, let’s take a look at an actual DMARC record:

➡️ v=DMARC1; p=none; rua=mailto:youremail@yourdomain.com

Now, if that seems complicated, don’t worry. It’s actually quite simple.

• The ‘v’ stands for ‘version.’ There’s currently only one valid DMARC version, so this is always the same: ´v=DMARC1´.
• The ‘p’ means policy. This setting determines what to do with unauthenticated emails.
• The ‘rua’ tag tells DMARC where to send deliverability reports.

The only slightly complicated component is the ‘p’ part. In the example above, it’s set to ‘none’.

This means that nothing happens to unauthenticated emails; they are delivered normally.

Initially, this setting may appear useless, but it’s actually the recommended starting point for your DMARC record.

It allows you to monitor the reports and make adjustments if necessary. After a few weeks, change the setting to something stricter like:

‘Quarantine’ - sends emails that fail authentication to spam

‘Reject’ - emails that fail authentication do not get delivered at all*

*You should only use ‘reject’ when your DMARC reports are on point.

Step 2: Add Your DMARC Record to OVH ➕

1. In the OVHcloud Control Panel, click the ‘Web Cloud’ tab
2. In the ‘Domain names’ section on the left, select your domain
3. Now click on the ‘DNS zone’ tab
4. Click on ‘Add an entry’ and then on ‘Mail records’ in ‘DMARC’
5. In the ‘Sub-domain’ field, only add ‘_dmarc’ unless you are adding a DMARC record for a subdomain. If that’s the case, you must add the subdomain after the ‘_dmarc’ field. If your subdomain is subdomain.yourwebsite.com then the value here should be: _dmarc.subdomain.
6. Leave the ‘TTL’ to its default settings
7. In ‘Value’, you can enter your DMARC record. The DMARC we shared above is a good starting point but make sure you modify the email address to match yours.
8. Click next to review and save your DMARC

Step 3: Validate Your OVH DMARC ✅

Congrats on setting up your DMARC record!

However, your record can take up to 48 hours to be active.

Usually, it doesn’t take that long, but just so you know, be prepared to wait a day or two.

You can use a DNS checker to determine if your record has been propagated.

The one we recommend comes with a lemwarm subscription. Its DNS checker doesn’t just verify DMARC but also the other vital DNS records such as SPF and DKIM, ensuring comprehensive email authentication and deliverability.

Step 4: Don’t Neglect the Rest of Your Technical Setup 🤷

As mentioned earlier, before enabling DMARC, you should have added your SPF and DKIM records. DMARC works based on these records, so they are essential to your technical setup.

Another important record to set up is the MX record, which you ideally should also set up before DMARC.

Additionally, it’s essential to use a custom tracking domain.

Email service providers use generic custom tracking domains used by most of their customers, even the spammers ;-).

That’s why you want to set up your own domain for tracking (maybe not your primary domain, but one used only by you or your organization).

Oh, and if you’re going to use a new domain or email address, you need to warm up your email.

Just starting to send out hundreds of emails out of the blue will get you marked as a spammer.

Instead, sending volume and frequency should be gradually increased and your emails, in case they land in spam, should be manually moved to the inbox.

Lastly, if you’re sending out emails but don’t get replies to them, it raises a red flag with email service providers.

Natural email correspondence involves a healthy amount of replies.

Doing all of this manually is a heck of a job. It’s effort better spent on other important tasks. That’s why email warm-up services like lemwarm exist.

lemwarm can give you back your time by doing the email warm-up for you. Once set up, the service runs on autopilot and could get you open rates of 65% or better.

‍