2024 got most site owners to quickly implement DMARC in order to meet the anti-spam requirements set by Gmail and Yahoo. Many of you swiftly configured your DMARC records and now find yourselves receiving daily emails with XML attachments and you're not sure what to do next. This guide is designed to provide you with additional information and insights on how to proceed.
Understand the XML Reports You're Being Sent
The XML reports sent to your inbox are not just random data; they hold key information about your email traffic and how it's being handled in the context of DMARC. Understanding these reports is the first step in making sense of the DMARC implementation process.
Make Action
Analyze XML Reports
The initial step involves examining the XML files using a tool that clarifies their content and identifies recurring issues. We recommend using EasyDmarc (https://partners.easydmarc.com/os), which offers a free plan. By registering and slightly modifying your DMARC DNS record to add an additional recipient for notifications, you can access 'aggregate reports'. These reports provide graphs and data tables that break down the XML data over time, making it easier to understand.
Additionally, EasyDmarc's "email investigation" tool (https://partners.easydmarc.com/email-investigation) can be used to diagnose SPF and DKIM issues by simply sending an email from each system you authorize to send emails on your behalf.
Fix SPF and DKIM Records
After setting up your account and DMARC record, the reports will highlight any issues, allowing you to address them. Ensure that your SPF records authorize all systems you intend to use for sending emails, and that your DKIM records are correctly set up for your email providers, such as Shopify, Gmail, Klaviyo, etc.
Continuously Monitor
DMARC is not a set-and-forget measure; it requires ongoing attention and adjustment. Regular monitoring is essential to maintain the effectiveness of your email authentication setup.
Update Your DMARC to Quarantine and Then to Reject
Once you are confident that all your systems are correctly integrated with SPF and DKIM, and your DMARC setup is accurate, begin by changing your DMARC policy from 'none' to 'quarantine'. After a period of observation, perhaps 1-2 months, ensuring your emails are successfully delivered without spam issues, you can then progress to setting your DMARC policy to 'reject'. This gradual transition ensures that you remain compliant while minimizing the risk of legitimate emails being blocked.