This article contains FAQs regarding the DMARC record in general and pointing the DMARC record to Valimail in particular.




TABLE OF CONTENTS




My DNS does not support NS records. How can I point DMARC to Valimail then?


If your DNS host cannot support NS records, there is a workaround for pointing DMARC to us, which is to do it through a CNAME record.

Here are the instructions to point DMARC to Valimail using a CNAME record:


Record Name: _dmarc.yourdomain.com.

Record Type: CNAME

Record Value: yourdomain.com._dmarca.vali.email.


Please note that DKIM does not have such a workaround so in this situation, you will not be able to point DKIM to Valimail.

This means the DKIM keys will continue to be managed from your DNS for this domain moving forward.




I pointed DMARC to Valimail, but It's showing Not Configured


(If dig shows a valid DMARC TXT/NS pointer record was created)

After you point DMARC to Valimail, sometimes it may take a while until the changes in the DNS will propagate through the internet. After that is finished, your domain will have the Configured status in the platform and from that moment on, you will start to see aggregate reports in the platform for that domain.

Please note that aggregate reports are send every 24 hours, therefore if your domain is Configured today, tomorrow you will see the first aggregate reports.


(If dig shows a mistake in the DMARC TXT/NS pointer record)

We can see that you have created the DMARC pointer record, but unfortunately (insert mistake/problem here)

Please modify your record so that it has this formula:


TXT: 

v=DMARC1; p=none; rua=mailto:dmarc_agg@vali.email


NS: 

Record Name: _dmarc.yourdomain.com

Record Value: ns.vali.email.




What is the difference between pointing DMARC via TXT or NS?


The pointing of DMARC via TXT or NS to Valimail is at first glance the same. Both pointer records share the same primarily function, which is getting aggregate reports to the platform.

However, the differences start after that.


Pointing via TXT will only grant you visibility and monitoring capabilities within the platform.

Pointing via an NS record will grant the option to add more aggregate reports addresses in the platform and most importantly, will grant you access into changing your DMARC policy from p=None to p=Quarantine or p=Reject, whenever your domain is ready for DMARC Enforcement.


Keep in mind that when pointing DMARC with an NS record, that inherits all the current content of your DMARC record, like the RUA, RUF, fo=, ri= and other similar parameters.




I pointed DMARC to Valimail but I don't see any reports


Almost all email providers in the world send out aggregate reports. There are a handful of them who do not and Microsoft is the biggest one of these.

Therefore, if you are using Microsoft Office 365 as an SEG and your the emails on behalf of your domain are only sent internally, or are sent externally only to Microsoft mailbox, that is why you do not see them in the reports.


To test this out, you can send a few emails on behalf of your domain to other mailboxes, ie: Google, Yahoo, etc and then return in the platform after 24 hours approx., where you will see the aggregate reports for those emails.

Please note that aggregate reports are only sent every 24 hours.




Does Valimail support Forensic/Failure reports? Why Not?


Valimail does not support Forensic/Failure reports - we only support and process Aggregate reports.

There are very few mailboxes in the world that support failure reports (most of them are in China).

The main reasons why failure reports are not supported almost anywhere anymore are these:


- They are full of false positives

- They contain PII (Personally Identifiable Information)


Please consult this article in order to learn more about this topic: https://www.valimail.com/blog/dmarc-failure-reports-what-are-they-good-for-absolutely-nothing/