This article describes how to point DMARC to Valimail via NS, CNAME and TXT record.
This article mainly applies to Valimail Enforce and Align customers. Customers that use the free Valimail Monitor tool can click below to begin the process of pointing DMARC to Valimail.
Pointing DMARC to Valimail for Enforce/Align customers
You will need to add a DMARC NameServer (NS) record to your DNS zone to manage a domain’s DMARC policy within the Valimail system.
To enable DMARC for a domain, please add the following NS record for the “_dmarc” domain to your DNS:
Record Name: _dmarc.yourdomain.com.
Record Type: NS
Record Value: ns.vali.email.
We recommend a TTL of 300 seconds, although using a longer TTL (up to 3600 seconds) should be fine if you'd like to reduce the load on your DNS server. Please note that because of existing DNS TTLs it may take some time for Valimail to detect that you've updated your DNS with the correct settings.
DNS Host does not support custom NS records
In this case, you will need to point your DMARC record to Valimail, by adding the following CNAME record for the “_dmarc” subdomain to your DNS:
Record Name: _dmarc.yourdomain.com.
Record Type: CNAME
Record Value: yourdomain.com._dmarca.vali.email.
When using this method, only the DMARC record and not the reporting domains are managed by Valimail. For more information about setting up external reporting domains when using a CNAME _dmarc record, click here.
Best Practice
Delete the “_dmarc” TXT record from your DNS zones after you’ve added the NS record (or CNAME record). We have noticed possible conflicts between the two records when the DNS Provider is Azure DNS or Cloudflare. As a best practice, make sure the only DMARC record from DNS is the NS record pointing to Valimail.
Pointing DMARC to Valimail for Monitor customers
Update your _dmarc TXT record
This allows Valimail to receive your DMARC aggregate reports.
If you already have a _dmarc TXT record: add mailto:[email protected] to the "rua" parameter. Your TXT record should look as follows:
"v=DMARC1; p=none; rua=mailto:[email protected];" |
If you don't have a _dmarc TXT record: create the following TXT record in DNS:
Type | TXT |
Host/Name | _dmarc.<your domain name> |
Value | "v=DMARC1; p=none; rua=mailto:[email protected];" |
Example: If your domain name is vmcs1.com, the host/name value to create for the TXT record would be _dmarc.vmcs1.com
⚠️ Note:
If a _dmarc TXT record already exists, be sure to only add [email protected] to the "rua" parameter; do not modify any other parameters in the record unless you're sure of what you're doing, you may impact email deliverability for your organization.
No change to your email flow will occur. Valimail will see no PII.
⚠️ Note:
We do not recommend pointing your DMARC record via NS to Valimail. For our Monitor users pointing via TXT will suffice.
Monitor users cannot manage the DMARC record in the Monitor platform, therefore we advise all Monitor customers to only point DMARC via TXT.