DMARC (Domain-based Message Authentication, Reporting and Conformance) is a mechanism that allows e-mail senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it isn’t. The DMARC record makes it easier to identify spam and/or phishing messages sent to the customer's mailbox and to keep them out of it.
Example of a DMARC record:
Host | Type | Points to: | TTL |
_dmarc.yourdomain.com | TXT | v=DMARC1;p=reject;pct=100;rua=mailto:mailmaster@postmaster.com | 3600 |
In the example shown above, the sender requests that the receiver outright reject all non-aligned messages and send a report, in a specified aggregate format, about the rejections to a specified address. If the sender were testing its configuration, it could replace “reject” with “quarantine”, which would tell the receiver that it shouldn’t necessarily reject the message, but should consider quarantining it.
DMARC records follow the extensible “tag-value” syntax for DNS-based key records defined in DKIM.
You can see the available tags here:
Tag name | Purpose | Sample |
v | Protocol version | v=DMARC1 |
pct | Percentage of messages subjected to filtering | pct=20 |
ruf | Reporting URI for forensic reports | ruf=mailto:authfail@example.com |
rua | Reporting URI of aggregate reports | rua=mailto:aggrep@example.com |
p | Policy for organizational domain | p=quarantine |
sp | Policy for subdomains of the OD | sp=reject |
adkim | Alignment mode for DKIM | adkim=s |
aspf | Alignment mode for SPF | aspf=r |
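The tag-value syntax and the tags in the table can be checked before a record is published. The following Python sketch is an added example, not part of the original article: the function names `parse_dmarc` and `check_dmarc` are hypothetical, the accepted values (`none`/`quarantine`/`reject`, `r`/`s`, `pct` from 0 to 100) follow the DMARC specification, and the second sample record is constructed.

```python
POLICIES = {"none", "quarantine", "reject"}   # valid values for p and sp
ALIGNMENT = {"r", "s"}                        # relaxed / strict, for adkim and aspf

def parse_dmarc(txt):
    """Split a DMARC TXT value into an ordered tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue                          # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        name = name.strip().lower()
        if not sep or not name:
            raise ValueError(f"not a tag=value pair: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = value.strip()
    return tags

def check_dmarc(txt):
    """Return a list of findings for one record; an empty list means clean."""
    try:
        tags = parse_dmarc(txt)
    except ValueError as exc:
        return [f"error: {exc}"]
    out = []
    # The version tag has to come first, otherwise receivers ignore the record.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        out.append("error: record must begin with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        out.append("error: p is missing or not none/quarantine/reject")
    elif policy == "none":
        out.append("warn: p=none only monitors, nothing is quarantined or rejected")
    if "sp" in tags and tags["sp"].lower() not in POLICIES:
        out.append("error: sp is not none/quarantine/reject")
    for name in ("adkim", "aspf"):
        if name in tags and tags[name].lower() not in ALIGNMENT:
            out.append(f"error: {name} must be r or s")
    pct = tags.get("pct", "100")              # pct defaults to 100 when absent
    if not (pct.isascii() and pct.isdigit()) or int(pct) > 100:
        out.append("error: pct must be an integer from 0 to 100")
    elif int(pct) < 100:
        out.append(f"warn: policy is applied to only {pct}% of messages")
    for name in ("rua", "ruf"):
        for uri in filter(None, (u.strip() for u in tags.get(name, "").split(","))):
            if not uri.lower().startswith("mailto:"):
                out.append(f"warn: {name} URI is not a mailto: address: {uri}")
    return out

# Record from the example above, then a constructed record with three issues.
print(check_dmarc("v=DMARC1;p=reject;pct=100;rua=mailto:mailmaster@postmaster.com"))
print(check_dmarc("v=DMARC1; p=none; pct=20; adkim=x"))
```

Warnings mark records that are syntactically valid but do not enforce the policy on all mail, which is the state a domain is usually in while its configuration is still being tested.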
To add DMARC, you need to create a TXT record in your DNS Zone. You can see the example below: