DMARC
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that helps protect email domains from unauthorized use, such as email spoofing and phishing attacks. DMARC builds on existing protocols like SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to provide additional security and reporting features. The DMARC record is a TXT record that specifies how email receivers should handle messages that fail authentication checks.
Structure
v=DMARC1; p=policy; rua=mailto:[email protected]
Components
- v=DMARC1 is the version (always DMARC1)
- p=policy specifies the policy (none, quarantine, or reject)
- rua=mailto:[email protected] is the email address to receive aggregate reports
Examples
- Monitor-only
| Name | Type | Value |
|---|---|---|
example.com |
TXT | v=DMARC1; p=none; rua=mailto:[email protected] |
- Quarantine suspicious emails
| Name | Type | Value |
|---|---|---|
example.com |
TXT | v=DMARC1; p=quarantine; pct=25; rua=mailto:[email protected] |
- Reject unauthorized emails
| Name | Type | Value |
|---|---|---|
example.com |
TXT | v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected] |
Additional Information
To help construct and validate DMARC records, you can use these third-party websites:
MXToolbox DMARC Record Checker
These tools can guide you through creating a DMARC record tailored to your domain's needs and help ensure it's correctly formatted.