2.19.5.3. DMARC setup

DMARC is a TXT record in domain settings, which determines the behavior of recipient servers when receiving messages sent from domain mailboxes.

Before setting

DMARC uses SPF and DKIM, so the first thing you need to do is:

DMARC recording added in domain settings in this form:

Subdomain Type Data
_dmarc TXT v=DMARC1; p=none; rua=mailto:admin@example.com

Options:

  • v - the DMARC version. Required parameter The value is always equal DMARC1.
  • p — the rule for the domain. Required parameter It can take one of the following values:
    • none - do nothing except send reports.
    • quarantine - add emails to spam.
    • reject - reject letters.
  • sp - rule for subdomains. Can take on the same values as p.
  • aspf and adkim — allow you to check compliance with SPF and DKIM records. Can take values:
    • r (relaxed) - soft check.
    • s (strict) - strict compliance.
  • pct - the number of letters to be filtered, in percent. For example, for pct=20 only 20% of emails will be checked.
  • rua — defines the mail to which daily reports should be sent. You can specify multiple mailboxes separated by commas, for example, rua=mailto:admin@example.com,mailto:dmarc@example.com.
  • ruf - defines the mail to which you want to send reports on messages that have not passed the DMARC check. It is set by analogy with rua.
  • fo - defines the conditions for generating reports. Can take values:
    • 0 — send a report if neither SPF nor DKIM authentication has been passed. Default value.
    • 1 — send a report if one of the authentications — SPF or DKIM — is not passed.
    • d — send a report if DKIM authentication is not passed.
    • s — send a report if SPF authentication is not passed.

You can use the online DMARC generators to avoid having to manually create a recording.

The correctness of the finished record can be checked using the online DMARC validators

What does a DMARC record look like in domain settings:

Content