What is a DMARC record ?

DMARC stands for “Domain-based Message Authentication, Reporting & Conformance.”  DMARC is built upon two other authentication protocols: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).  DMARC policy tells a receiving server how to handle an incoming email claiming to be coming from a particular domain.

Publishing a DMARC record protects your brand by ensuring that email is properly authenticating against DKIM and SPF standards, and that any fraudulent activity appearing to come from your domain is timely blocked.

How to create a DMARC record

You can configure DMARC by adding policies to your domain’s DNS as TXT records.  The TXT record read as “_dmarc.your_domain.com.”  You need to replace your_domain.com with your domain for which you are creating the DMARC record.

Here are common tags used in DMARC TXT records:

Tag NameRequiredPurposeSample
vrequiredProtocol versionv=DMARC1
prequiredPolicy for domainp=reject (or quarantine or normal)
pctoptional% of messages subjected to filteringpct=50
ruaoptionalReporting email address of aggregate reportsrua=mailto:name@your_domain.com
rufoptionalAddresses to which message-specific forensic information is to be reported (comma-separated plain-text list).ruf=mailto:name@your_domain.com
rfoptionalThis part tells the receiving server what kind of reporting the policyholder wants (comma-separated plain-text list of values).rf=afrf
aspfoptionalAlignment mode for SPFaspf=r
spoptionalPolicy for subdomains of the domainsp=r
adkimoptionalAlignment mode for DKIMadkim=r

You can generate your DMARC record using any of the tools available online. Once you have generated the record you would need a TXT record in your domain’s DNS.

Contact us if you need help generating or setting the DMARC record.