With all the new anti-spam rules, you may have come across the acronym DMARC. This article gives you a quick primer on DMARC and how to create a record. To learn more, visit the DMARC site.
What is DMARC?
Domain-based Message Authentication, Reporting, and Conformance (DMRAC) is an email authentication protocol. It is often used with DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) to fight spam.
A DMARC record tells email senders what to do when they find a spammy email. When you set up a DMARC record, messages from popular email providers like Gmail, AOL.com, and Yahoo can only be sent using their original servers. That hinders spammers, for instance, from pretending to send "real looking" email messages from a Gmail account.
Creating a DMARC record
You create a DMARC by adding a record to your domain's DNS settings. The process is similar to setting up a DKIM record. Below is an example of a DMARC record.
Domain Name System (DNS) works like the Internet's phonebook. It converts human-friendly website names (e.g. www.disney.com) into computer-friendly IP numbers (130.211.198.204).
When creating a DMARC record on your DNS, the TXT Value field includes mandatory, recommended, and optional tags.
TXT Value:
v=DMARC1;p=none;sp=none;pct=100;rua=mailto:YOUREMAIL;
ruf=mailto:YOUREMAIL;ri=86400;aspf=r;adkim=r;fo=1
DMARC tags
This table shows DMARC tags and functions.
Tag | Type | Function |
v | Required | Set the version of DMARC being used (Always set to v=DMARC1) |
p | Required | Set rules for how email providers should handle emails that may not be legitimate (none, quarantine, or reject) |
rua | Optional | Specify where to send summary reports about email authentication (recommended) |
ruf | Optional | Specify where to send detailed reports when an email fails DMARC validation (recommended) |
adkim | Optional | Decide how strictly to check the sender's signature in emails (Strict or Relaxed) |
aspf | Optional | Decide how strictly to check the sender's domain in emails (Strict or Relaxed; default is Relaxed) |
sp | Optional | Specify rules for subdomains aligned with the main domain's policy |
fo | Optional | Choose what kind of failure reports to receive (none, if either SPF or DKIM fails, if DKIM fails, or if SPF fails) |
rf | Optional | Choose the format for detailed reports on email authentication failures (default: afrf) |
pct | Optional | Determine the percentage of emails to which the DMARC policy applies (default: 100%) |
ri | Optional | Set the time interval between receiving reports about email authentication (default: 86400 seconds) |
Wrap up
Now you know what a DMARC does and how to create a DMARC record.