DMARC is built on top of two existing mechanisms, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It allows the administrative owner of a domain to publish a policy on which mechanism (DKIM, SPF or both) is employed when sending email from that domain and how the receiver should deal with failures. Additionally, it provides a reporting mechanism for actions performed under those policies. It thus coordinates the results of DKIM and SPF and specifies under which circumstances the From: header field, which is often visible to end users, should be considered legitimate.
Once you have SPF and DKIM records added to your DirectAdmin DNS zones, you will probably also want to implement DMARC.
This guide shows you how to implement DKIM: https://help.directadmin.com/item.php?id=569
The implementation of DMARC is not that well documented. This page https://help.directadmin.com/item.php?id=596 tells you how to implement DMARC for new domains, but it gives no solution for existing domains.
To implement DMARC for existing domains in DirectAdmin, run the following code (at your own risk).
(We decided to turn off email reports. If you need a different value in the DNS zone, replace the bold part.)
# Make a backup of the zone files to folder /var/named_backup
cp -rp /var/named /var/named_backup
# For all .db files in /var/named add a line with the DMARC record, skipping zones that already have one
cd /var/named && for file in *.db; do
  grep -q '^_dmarc[[:space:]]' "$file" || printf '_dmarc\t14400\tIN\tTXT\t"v=DMARC1; p=none; sp=none;"\n' >> "$file"
done
# Rewrite all zones (append to the task queue so pending tasks are not overwritten)
echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue; /usr/local/directadmin/dataskq d2000
Now all domains contain this new record:
You can check if your record is valid on this page.
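To check every zone on the server at once instead of one domain at a time, the script below audits the zone files directly. It is an added example, not part of the original guide or of DirectAdmin; the function names and exit codes are this example's own, and it assumes the record uses the relative owner name _dmarc as written by the loop above.

```shell
# Exit codes used here: 0 = one valid record, 1 = none, 2 = duplicates, 3 = malformed

# True when v=DMARC1 is the first tag, p= is present, and p=/sp= hold
# none, quarantine or reject. Subshell body keeps IFS and set -f local.
dmarc_value_ok() (
  value=$(printf '%s' "$1" | tr -d ' \t')
  case $value in 'v=DMARC1;'*) ;; *) exit 1 ;; esac
  policy_seen=0
  set -f; IFS=';'                      # split tags on ';' without globbing
  for tag in $value; do
    case $tag in
      p=none|p=quarantine|p=reject) policy_seen=1 ;;
      sp=none|sp=quarantine|sp=reject) ;;
      p=*|sp=*) exit 1 ;;              # unknown policy keyword
    esac
  done
  [ "$policy_seen" -eq 1 ]
)

# Exactly one well-formed _dmarc record (relative owner name) per zone file.
check_dmarc_zone() (
  count=$(grep -c '^_dmarc[[:space:]]' "$1" || true)
  if [ "$count" -eq 0 ]; then exit 1; fi
  if [ "$count" -gt 1 ]; then exit 2; fi   # duplicates make receivers skip DMARC
  value=$(sed -n 's/^_dmarc[[:space:]].*TXT[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$1")
  dmarc_value_ok "$value" || exit 3
)

# Prints one line per zone in directory $1; returns 1 if any zone needs work.
audit_dmarc_zones() {
  bad=0
  for zone in "$1"/*.db; do
    [ -f "$zone" ] || continue
    rc=0; check_dmarc_zone "$zone" || rc=$?
    case $rc in
      0) echo "$zone: ok" ;;
      1) echo "$zone: no _dmarc record"; bad=1 ;;
      2) echo "$zone: multiple _dmarc records"; bad=1 ;;
      3) echo "$zone: malformed DMARC value"; bad=1 ;;
    esac
  done
  return "$bad"
}

# Constructed sample zones (not real domains) so the audit runs offline.
demo=$(mktemp -d)
printf '_dmarc\t14400\tIN\tTXT\t"v=DMARC1; p=none; sp=none;"\n' > "$demo/good.example.db"
printf '_dmarc\t14400\tIN\tTXT\t"v=DMARC1; p=monitor;"\n' > "$demo/typo.example.db"
audit_dmarc_zones "$demo" || true; rm -rf "$demo"
```

On the server, run audit_dmarc_zones /var/named after the zones have been rewritten; any line other than "ok" points at a zone file to fix by hand before rewriting again.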