All Collections
Technical & Security
Newsroom Setup
Aligning your DMARC policy with sending your emails through PR.co
Aligning your DMARC policy with sending your emails through PR.co

Sending your emails through PR.co in combination with a DMARC policy can be tricky, this guide will give you clear pointers for your setup.

Jeroen Bos avatar
Written by Jeroen Bos
Updated over a week ago

Before reading this article, please make sure that you have your email domain setup completed as mentioned in this article: How to authenticate you email domain.

TLDR;

Already know DMARC and don't want to read this whole article?

  • DO NOT set aspf to strict: aspf=s (it blocks SPF subdomain verification)

  • DO NOT set adkim to struct: adkim=s (it blocks DKIM subdomain verification)

What is DMARC?

DMARC is a security protocol that helps prevent email fraud. It ensures that emails claiming to be from a specific domain are legitimate by using authentication standards like SPF and DKIM. DMARC also provides reporting to help domain owners monitor and improve email security.

With DMARC you also set up a DNS record just as with DKIM, but this contains information for the receiving email server on how to evaluate your SPF and DKIM settings and how to act when an email doesn't match the ascribed evaluation.

For example you can tell the recipient to not trust any email verification from subdomains and what to do if emails do not match that rule: reject, quarantine, none.

We definitely recommend you to set up DMARC as it improves your email sender security, improved your sender score and because DMARC is becoming increasingly more mandatory by large email platforms, Google, Yahoo, Outlook, etc.

Here's how to set up DMARC: How to set up DMARC.

So what do I need to set up?

In relation to PR.co there's three DMARC directives to consider and to make sure to set correctly. For your email sending we use SPF and DKIM email verifications that we set up on a subdomain and not on your main domain. We do this because that gives you more control and makes sure that PR.co won't interfere with your regular email sending.

But this does mean that your DMARC policy needs to accept this.

ASPF Tag (aspf)

This particular tag indicates the SPF identifier alignment portion of your DMARC policy. Like the adkim designation, the aspf tag can be utilized in relaxed (r) or strict (s) modes. Successful alignment happens when the “Mail-From” address and the “From” address domains are identical. In addition, it automatically defaults to the aspf=r setting.


Read all about aspf here.

This tag CAN NOT be set to strict: aspf=s

This doesn't allow for any subdomain SPF verification.

It should be set to be 'relaxed' instead: aspf=r.

ADKIM Tag (adkim)

Similar to aspf, the optional adkim tag is the alignment mode for the DKIM protocol. A sample tag is adkim=r. Read all about adkim here.

This tag CAN NOT be set to strict: adkim=s.

This doesn't allow for any subdomain SPF verification.

It should be set to be 'relaxed' instead: adkim=r.

Subdomain Policy Tag (SP)

Lastly, you could choose to a specific behavior for how your DMARC policy treats subdomain email domains. This tag functions exactly the same as the p tag and so you can choose between reject, quarantine and none.

What you choose here is your personal preference, but it's good to mention that you could for example open up your policy for subdomain verification but still maintain a strict reject policy.

Questions? Send us an 📩 at hello@pr.co

Related Articles
How to authenticate your email domain
Did this answer your question?