4.4.6. Configure DMARC

DMARC is a special TXT record that is added to domain settings like this:

The data field contains parameters that define the behavior of recipient servers when receiving messages sent from domain mailboxes.

• v (required parameter) — DMARC version. The value is always equal to DMARC1.
• p (required parameter) — rule for the main domain. Possible values:
  • none — do nothing but send reports.
  • quarantine — put messages into spam.
  • reject — reject messages.
• sp — rule for subdomains. The values are similar to p.
• aspf and adkim — check compliance with SPF and DKIM records. Possible values:
  • r (relaxed) — soft check.
  • s (strict) — strict compliance.
• pct — percentage of messages for which filtering should be applied. For example, pct=20 means to check 20% of messages.
• rua — address of the mailbox to which daily reports should be sent. You can specify several mailboxes separated by commas, for example, rua=mailto:admin@example.com,mailto:dmarc@example.com.
• ruf — address of the mailbox to which to send reports about messages that failed DMARC check. It is set similarly to rua.
• fo — report generation conditions. Possible values:
  • 0 — send a report if both SPF and DKIM authentication fail (default value).
  • 1 — send a report if one of the authentications is not passed: SPF or DKIM.
  • d — send a report if DKIM authentication is not passed.
  • s — send a report if SPF authentication is not passed.

Instead of compiling the record manually, online DMARC generators can be used:

• Our DMARC generator/validator
• MxToolbox | DMARC Record Generator
• Elastic Email | DMARC Generator

The correctness of the ready record can be checked using the DMARC online validators:

• Our DMARC generator/validator
• dmarcian | DMARC Inspector
• MxToolbox | DMARC Lookup
• ORF | DMARC Policy Validator