How to create a DMARC record? Once SPF and DKIM are in place, you configure DMARC by adding policies to your domain’s DNS records in the form of TXT records (just like with SPF or DKIM).
The TXT record name should be “_dmarc.yourdomain.com.” where “yourdomain.com” is replaced with your actual domain name (or subdomain).
Here are common tags used in DMARC TXT records:
| Tag | Required | Purpose | Sample |
|---|---|---|---|
| p | required | Policy for domain | p=quarantine |
| sp | optional | Requested handling policy for subdomains | sp=reject |
| adkim | optional | Alignment mode for DKIM | adkim=s |
| aspf | optional | Alignment mode for SPF | aspf=r |
| pct | optional | % of messages subjected to filtering | pct=20 |
| ruf | optional | Addresses to which message-specific forensic information is to be reported (comma-separated plain-text list of URIs). | ruf=mailto:[email protected] |
| rua | optional | Reporting URI of aggregate reports | rua=mailto:[email protected] |
| fo | optional | Failure reporting format(s) | fo=0 |
| ri | optional | Aggregate reporting interval | ri=3600 |
Only the v (version) and p (policy) tags are required. Three possible policy settings, or message dispositions, are available:
- none – Take no action. Log affected messages on the daily report only.
- quarantine – Mark affected messages as spam.
- reject – Cancel the message at the SMTP layer.
Alignment mode (aspf / adkim) refers to the precision with which sender records are compared to SPF and DKIM signatures. The two possible values are relaxed and strict, represented by “r” and “s” respectively. In short, relaxed allows partial matches, such as subdomains of a given domain, while strict requires an exact match.
Generally, the following settings are appropriate for the DMARC key:
_dmarc.your_domain_name.tld. IN TXT "v=DMARC1;p=none;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400"