Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=email-dmarc-manager

DMARC Manager

You must have a DMARC Manager license to use this feature.

DMARC Manager is a premium feature in Sophos Email that gives domain owners clear visibility into how their domains are used in outbound email. DMARC Manager is powered by Sendmarc, a trusted third-party provider, and is integrated into Sophos Central to enhance your experience. DMARC aggregate reports are files that include information on the authentication status of messages delivered on behalf of a domain. They show you which sources are sending on your behalf and how their messages were evaluated against your DMARC policy.

After you activate the license in Sophos Central, you can take the following actions:

  1. Configure DMARC Reporting for your gateway-based or mailflow-based domains.
  2. View the DMARC Manager summary from Sophos Central.
  3. Access the DMARC Manager portal with advanced reporting and configuration tools.

Sophos Central provides a basic configuration and a summary view of DMARC activity. For deeper insight and more control, you can go to the DMARC Manager portal to analyze authentication results and configure policies.

The portal supports CNAME-based DNS validation, which reduces the need to manually edit DMARC records. This CNAME-based approach lets you update DNS configurations directly through the portal and centralize the management of your domain's email authentication setup.

DMARC Manager also supports additional features, including BIMI management, TLS-RPT, and MTA-STS record hosting and management.

Benefits

DMARC Manager helps your organization in the following ways.

  • View sources using your domain

    See which sources are sending email on your behalf and whether those messages pass DMARC checks.

  • Detect suspicious or spoofed senders

    Identify spoofed or suspicious senders trying to use your domain without authorization.

  • Strengthen email security posture

    Use DMARC insights to strengthen your organization's email security and reduce spoofing or phishing risks.

  • Simplify DNS record management

    Manage authentication records more easily using CNAME-based DNS validation through the DMARC Manager portal.

  • Access detailed email authentication views

    Access both summary and advanced views of your domain's email authentication data.

Configure DMARC Reporting

You can configure DMARC Reporting individually for each domain. The DMARC Reporting column appears in the domain list under Gateway Domain Settings/Status or M365 Mailflow Domain Settings/Status. This column includes a status link that you can click to begin setup.

Note

Setting up DMARC Reporting for the first time might take longer while the system completes the initial setup.

To configure DMARC Reporting, do the following:

  1. In Sophos Central, go to My Products > General Settings.
  2. Select either Gateway Domain Settings/Status or M365 Mailflow Domain Settings/Status.
  3. In DMARC Reporting, click the Not verified status link for the domain you want to configure.

  4. If prompted, read the text in DMARC reporting setup, then click Proceed.

    The DMARC Manager portal appears.

  5. In the DMARC tab, click View Setup Instructions.

  6. Copy the CNAME record shown and add it to your domain's DNS settings.

    Note

    You can add a TXT record to your domain's DNS, but it won't update automatically. If you change your DMARC configuration later, you must manually update the TXT record in your DNS.

    We recommend using a CNAME record because it updates automatically and doesn't require DNS changes when your DMARC configuration is updated.

  7. After updating your DNS, click Verify to confirm the DMARC configuration.

  8. (Optional) To further strengthen your domain’s security, complete any remaining configurations.

    Tip

    If you're setting up other DNS configurations such as SPF, DKIM, BIMI, TLS-RPT, or MTA-STS, click View Setup Instructions and follow the steps provided. For help, see Domain configuration.

  9. When you've completed your configurations, click Save & Back.

If the configuration is successful, the domain's status changes to Reporting.

When the domain is verified, you can access the DMARC Manager summary and advanced view.

You can turn DMARC Reporting on or off, even if the domain is disconnected.

DMARC Manager summary

The DMARC Manager summary gives an overview of how your domains are used for sending email and how well those messages align with DMARC policies. It shows authentication results across your domains, helps you spot unauthorized senders, and improves email security.

To see the DMARC Manager summary, go to My Products > Email Protection > DMARC Manager.

For help, see DMARC Manager summary.

DMARC Manager portal

The DMARC Manager portal provides a comprehensive view of your domain's email authentication and compliance. The portal provides in-depth reporting and visibility into how your domains are used to send email and whether those messages comply with DMARC policies.

For help, see DMARC Manager portal.