What is a DMARC record ?
DMARC stands for “Domain-based Message Authentication, Reporting & Conformance.” DMARC is built upon two other authentication protocols: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). DMARC policy tells a receiving server how to handle an incoming email claiming to be coming from a particular domain.
Publishing a DMARC record protects your brand by ensuring that email is properly authenticating against DKIM and SPF standards, and that any fraudulent activity appearing to come from your domain is timely blocked.
How to create a DMARC record
You can configure DMARC by adding policies to your domain’s DNS as TXT records. The TXT record read as “_dmarc.your_domain.com.” You need to replace your_domain.com with your domain for which you are creating the DMARC record.
Here are common tags used in DMARC TXT records:
|p||required||Policy for domain||p=reject (or quarantine or normal)|
|pct||optional||% of messages subjected to filtering||pct=50|
|rua||optional||Reporting email address of aggregate reports||rua=mailto:[email protected]_domain.com|
|ruf||optional||Addresses to which message-specific forensic information is to be reported (comma-separated plain-text list).||ruf=mailto:[email protected]_domain.com|
|rf||optional||This part tells the receiving server what kind of reporting the policyholder wants (comma-separated plain-text list of values).||rf=afrf|
|aspf||optional||Alignment mode for SPF||aspf=r|
|sp||optional||Policy for subdomains of the domain||sp=r|
|adkim||optional||Alignment mode for DKIM||adkim=r|
You can generate your DMARC record using any of the tools available online. Once you have generated the record you would need a TXT record in your domain’s DNS.
Contact us if you need help generating or setting the DMARC record.