How to create a DMARC record?
Once SPF and DKIM are in place, you configure DMARC by adding policies to your domain’s DNS records in the form of TXT records (just like with SPF or DKIM).
The TXT record name should be “_dmarc.your-domain.com.”, where “your-domain.com” is replaced with your actual domain name (or subdomain).
Here are common tags used in DMARC TXT records:
| Tag name | Required | Purpose | Sample |
| --- | --- | --- | --- |
| v | required | Protocol version | v=DMARC1 |
| p | required | Policy for domain | p=quarantine |
| sp | optional | Requested handling policy for subdomains | sp=reject |
| adkim | optional | Alignment mode for DKIM | adkim=s |
| aspf | optional | Alignment mode for SPF | aspf=r |
| pct | optional | % of messages subjected to filtering | pct=20 |
| ruf | optional | Addresses to which message-specific forensic information is to be reported (comma-separated plain-text list of URIs). | ruf=mailto:authfail@your-domain.com |
| rua | optional | Reporting URI of aggregate reports | rua=mailto:aggrep@your-domain.com |
| fo | optional | Failure reporting format(s) | fo=0 |
| ri | optional | Aggregate Reporting interval | ri=3600 |
Only the v (version) and p (policy) tags are required. Three possible policy settings, or message dispositions, are available:
- none – Take no action. Log affected messages on the daily report only.
- quarantine – Mark affected messages as spam.
- reject – Cancel the message at the SMTP layer.
Alignment mode (aspf / adkim) refers to the precision with which sender records are compared to SPF and DKIM signatures. The two possible values are relaxed and strict, represented by “r” and “s” respectively. In short, relaxed allows partial matches, such as subdomains of a given domain, while strict requires an exact match.
Generally, the following settings are appropriate for the DMARC key:
_dmarc.your_domain_name.tld. IN TXT "v=DMARC1;p=none;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400"