How do I set up DMARC records for subdomains?
Summary
What email marketers say8Marketer opinions
Email marketer from Gmass shares that if you're setting up new subdomains, you should strongly consider using dedicated IP addresses and properly warming them up as per the guidance of your email service provider.
Email marketer from StackOverflow explains that you must create an A record that points to the correct mail server when setting up a new subdomain. SPF must then be configured and tested, followed by DMARC. The DMARC policy should be set to 'none' for initial testing, then quarantine/reject later.
Email marketer from Valimail shares that to set up DMARC for subdomains, you need to create TXT records for each subdomain in your DNS settings. These records should specify the desired DMARC policy (e.g., p=none, p=quarantine, p=reject) and reporting options (e.g., rua=mailto:your-email@example.com). It's recommended to start with a 'p=none' policy to monitor traffic before moving to stricter policies.
Marketer from Email Geeks explains that for DMARC alone, nothing needs to be done unless a different policy than the organizational one is desired for the subdomain. Some providers may want it on the subdomain level. They also suggest updating the DMARC record to include reporting for better monitoring and enforcement.
Email marketer from EmailOnAcid shares that it's important to warm up new subdomains used for sending email, especially when implementing DMARC. Start with small sending volumes and gradually increase them while monitoring deliverability to build a positive reputation for the subdomain.
Email marketer from EasyDMARC explains that setting up DMARC for subdomains involves creating separate DMARC records for each subdomain. A recommended approach is to first implement DMARC at the organizational level and then define specific policies for subdomains. Monitoring reports are crucial to adjust policies based on email traffic.
Email marketer from MXToolbox shares that after setting up DMARC records for subdomains, use tools like MXToolbox's DMARC record lookup to verify that the records are correctly configured and propagating properly. This ensures that the DMARC policy is being applied as intended.
Email marketer from Reddit explains that you need to add a TXT record to your DNS zone for each subdomain. The name should be `_dmarc.subdomain.example.com`. The value will be the DMARC record itself. Start with `v=DMARC1; p=none;` and add a `rua` tag to receive reports.
What the experts say2Expert opinions
Expert from Spam Resource (Steve Linford) emphasizes the importance of a well-formed DMARC record for subdomains, including the correct syntax and placement within the DNS zone. He warns that misconfigurations are common and can negatively impact deliverability.
Expert from Word to the Wise (Laura Atkins) recommends a phased approach to DMARC deployment for subdomains, starting with a 'p=none' policy for monitoring, followed by 'p=quarantine' for testing, and finally 'p=reject' for full enforcement. This strategy allows for careful observation of email flows and adjustments as needed.
What the documentation says4Technical articles
Documentation from RFC7489 (the DMARC standard) specifies how subdomains inherit DMARC policies from the organizational domain. It explains that a policy query for a subdomain should first check for an exact match. If no match, it should query for the organizational domain's policy. This allows both subdomain-specific and inherited policies.
Documentation from DMARC.org details that subdomains, by default, inherit the DMARC policy of the organizational domain if a specific subdomain policy isn't defined. To implement a specific policy, create a TXT record under '_dmarc.subdomain.yourdomain.com' with the desired DMARC settings. This allows for tailored email authentication and reporting per subdomain.
Documentation from Google Workspace Admin Help explains that a subdomain can have its own DMARC policy, which can be different from the main domain's policy. If a subdomain doesn't have a DMARC record, it inherits the main domain's policy. You can specify a different policy for each subdomain to enforce stricter rules or monitor traffic separately.
Documentation from Microsoft indicates that to set up DMARC for a subdomain, you create a TXT record in the DNS settings for the specific subdomain. The record includes the DMARC version, policy, and reporting URI. It is vital to test the DMARC record to ensure correct implementation and policy enforcement.