2.24.5.3. Configuring DMARC
DMARC is a TXT record in domain settings, which determines the behavior of recipient servers when receiving messages sent from domain mailboxes.
Before setting
DMARC uses SPF and DKIM, so the first thing you need to do is:
DMARC recording added in domain settings in this form:
| Subdomain | Type | Data |
|---|---|---|
_dmarc | TXT | v=DMARC1; p=none; rua=mailto:admin@example.com |
Options:
v- the DMARC version. Required parameter The value is always equalDMARC1.p— the rule for the domain. Required parameter It can take one of the following values:none- do nothing except send reports.quarantine- add emails to spam.reject- reject letters.
sp- rule for subdomains. Can take on the same values asp.aspfandadkim— allow you to check compliance with SPF and DKIM records. Can take values:r(relaxed) - soft check.s(strict) - strict compliance.
pct- the number of letters to be filtered, in percent. For example, forpct=20only 20% of emails will be checked.rua— defines the mail to which daily reports should be sent. You can specify multiple mailboxes separated by commas, for example,rua=mailto:admin@example.com,mailto:dmarc@example.com.ruf- defines the mail to which you want to send reports on messages that have not passed the DMARC check. It is set by analogy withrua.fo- defines the conditions for generating reports. Can take values:0— send a report if neither SPF nor DKIM authentication has been passed. Default value.1— send a report if one of the authentications — SPF or DKIM — is not passed.d— send a report if DKIM authentication is not passed.s— send a report if SPF authentication is not passed.
You can use the online DMARC generators to avoid having to manually create a recording.
DMARC generators:
The correctness of the finished record can be checked using the online DMARC validators
DMARC validators:
What does a DMARC record look like in domain settings: