How do I set up a DMARC record, and what do the DMARC tags mean?
I'll give you the short answer in this article. If you want to do a deep dive into this technical and important topic, go to the DMARC page.
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It's an email authentication protocol commonly used with DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) to enhance email security and protect against phishing and spam.
A DMARC record tells the email providers that receive your mail how emails should be authenticated and what action to take if authentication fails. It also provides email authentication results. When you set up a DMARC record, emails from @gmail.com, @aol.com, and @yahoo.com can be sent using only their original servers.
Creating a DMARC
You create a DMARC record by adding a TXT record to your domain's DNS settings. The process is similar to setting up a DKIM record. Below is an example of a DMARC record.
Domain Name System (DNS) is the Internet's phonebook. It translates people-friendly website names (e.g. www.example.com) into computer-friendly IP addresses (e.g. 93.184.216.34).
When configuring a DMARC record, the TXT Value field includes tags: some mandatory, some recommended, and some optional.
TXT Value =
v=DMARC1;p=none;sp=none;pct=100;rua=mailto:YOUREMAIL;ruf=mailto:YOUREMAIL;ri=86400;aspf=r;adkim=r;fo=1
DMARC tags
This table shows DMARC tags and functions.
Tag | Type | Function |
v | Required | Set the version of DMARC being used (Always set to v=DMARC1) |
p | Required | Set rules for how email providers should handle emails that may not be legitimate (none, quarantine, or reject) |
rua | Optional | Specify where to send summary reports about email authentication (recommended) |
ruf | Optional | Specify where to send detailed reports when an email fails DMARC validation (recommended) |
adkim | Optional | Decide how strictly to check the sender's signature in emails (Strict or Relaxed) |
aspf | Optional | Decide how strictly to check the sender's domain in emails (Strict or Relaxed; default is Relaxed) |
sp | Optional | Specify rules for subdomains aligned with the main domain's policy |
fo | Optional | Choose what kind of failure reports to receive (none, if either SPF or DKIM fails, if DKIM fails, or if SPF fails) |
rf | Optional | Choose the format for detailed reports on email authentication failures (default: afrf) |
pct | Optional | Determine the percentage of emails to which the DMARC policy applies (default: 100%) |
ri | Optional | Set the time interval between receiving reports about email authentication (default: 86400 seconds) |
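To check a record against the table above before publishing it, the following added example (not part of the original article) parses a TXT value, fills in the defaults the table lists, and reports problems. The function names are illustrative, the second record is constructed, and the rule that v must be the first tag comes from RFC 7489 rather than from this article.

```python
# Added example; parse_dmarc and lint_dmarc are illustrative names.
DEFAULTS = {"aspf": "r", "rf": "afrf", "pct": "100", "ri": "86400"}  # from the tag table
POLICIES = {"none", "quarantine", "reject"}
ALLOWED = {"p": POLICIES, "sp": POLICIES, "adkim": {"r", "s"}, "aspf": {"r", "s"}}

def parse_dmarc(txt):
    """Split 'tag=value;tag=value' into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in txt.split(";"):
        if part.strip():
            tag, _, value = part.partition("=")
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def lint_dmarc(txt):
    """Return (effective_tags, problems) for one DMARC TXT value."""
    pairs = parse_dmarc(txt)
    tags = {**DEFAULTS, **dict(pairs)}  # explicit tags override table defaults
    problems = []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("v=DMARC1 must be the first tag")
    if "p" not in tags:
        problems.append("required tag p is missing")
    for tag, allowed in ALLOWED.items():
        if tag in tags and tags[tag].lower() not in allowed:
            problems.append(f"{tag}={tags[tag]} is not one of {sorted(allowed)}")
    for tag in ("pct", "ri"):
        if not tags[tag].isdigit():
            problems.append(f"{tag} must be a whole number")
    if tags["pct"].isdigit() and int(tags["pct"]) > 100:
        problems.append("pct must be between 0 and 100")
    for tag in ("rua", "ruf"):  # report destinations, comma-separated
        for uri in filter(None, (u.strip() for u in tags.get(tag, "").split(","))):
            if not uri.lower().startswith("mailto:") or "@" not in uri:
                problems.append(f"{tag} destination {uri!r} is not a mailto: mailbox")
    return tags, problems

# The article's example record (YOUREMAIL is its placeholder) and a constructed one.
ARTICLE_RECORD = ("v=DMARC1;p=none;sp=none;pct=100;rua=mailto:YOUREMAIL;"
                  "ruf=mailto:YOUREMAIL;ri=86400;aspf=r;adkim=r;fo=1")
CONSTRUCTED_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for record in (ARTICLE_RECORD, CONSTRUCTED_RECORD):
        print(lint_dmarc(record)[1])
```

Run on the article's example record, the check flags only the two YOUREMAIL placeholders, which must be replaced with a real mailbox before reports can be delivered.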
Conclusion
That's the short story. I hope you understand why a DMARC record is important for your business and how to read the tags.