Introducing full DMARC support with custom Return-Path domains

We’ve added support for sending your emails with a custom Return-Path domain! We wanted to share why we made this change and how it fits in with our goal of helping you send better emails. With this new update your messages can now be fully aligned with a DMARC policy, ensuring better security and supervision over what emails are sent from your domain.

Wait, what’s a Return-Path? #

The Return-Path is an SMTP header. It defines the address that bounces get sent to and is also used by some email authentication methods. It’s called by a few other names too like bounce address, envelope from, or MAIL FROM. It’s usually one of the first headers you’ll see in a raw email, and emails from Postmark will have a Return-Path header that looks like this:

Return-Path: <<pm_bounces@pm.mtasv.net>>

With our recent updates, you can use our website, API, or official clients to add a custom Return-Path domain to your emails. The Return-Path header on your emails would then look like:

Return-Path: <pm_bounces@pmbounces.example.com>

You don’t have to set your own Return-Path domain, but doing so will allow you to send DMARC compliant messages from your domain. Read on!

Our commitment to DMARC compliant messages  #

As you probably know, email authentication is important to us. Postmark has had support for DKIM and SPF since we launched in 2010. DMARC is becoming more popular and we want to make sure that we fully support it as well. Implementing a DMARC policy for your domain can be risky because your third party emails might be rejected without your knowledge. Luckily, DMARC has reporting built into the specification and we launched a free tool to gather and analyze those reports for you.

DMARC also lets you define what happens to emails that fail the authentication rules you defined in SPF and DKIM. You can create a policy to quarantine or reject emails that fail SPF, DKIM, and alignment (although you should only do that if you’re really sure your legitimate emails won’t be rejected). For an email to be fully aligned according to DMARC, the domain of the From address must match the domain or subdomain of the Return-Path address. This means that your emails can still pass SPF authentication, but not be aligned. With the ability to add a custom Return-Path domain, Postmark fully supports you creating DMARC policies of reject or quarantine.

Getting started with DMARC #

Getting started with DMARC can seem daunting, but Postmark is here to help! The following steps can help you get started with implementing a DMARC policy:

  1. Implement DKIM and SPF first!
  2. Make sure your emails fully align, by adding a custom Return-Path domain.
  3. Sign up for our free DMARC tool. We will guide you in creating a DMARC record with a policy of “none” and you’ll start getting reports on your email sources.
  4. Read and get to know your weekly DMARC digest emails from Postmark to know where your email traffic is coming from.
  5. Once you get all your legitimate emails to 100% alignment, you can modify your DMARC policy flags from “none” to “quarantine” to “reject”.

We think that DMARC is an important addition to the email ecosystem and we want to make sure you take advantage of it! We also realize it can be confusing at times, so please reach out to support@postmarkapp.com at any time so we can help you along in the process.