Skip to main content
All CollectionsEmail Accounts
DMARC Record
DMARC Record

Everything you need to know about DMARC: What is a DMARC record? and how to enable DMARC for your domain?

Martina Zeroska avatar
Written by Martina Zeroska
Updated over a week ago

Domain-based Message Authentication, Reporting and Conformance, or DMARC, is a technical standard that protects both the senders and the recipients.

DMARC record explained

DMARC goes along with the SPF and DKIM, meaning in order for an email to pass DMARC it must pass SPF authentication and SPF alignment and/or pass DKIM authentication and DKIM alignment. Basically, if the SPF and DKIM fail, DMARC lets the domain owner decide what should happen to an email via a DMARC policy.

There are three DMARC policies the domain owner can enforce:

  • None (the message is delivered to the recipient and the DMARC report is sent to the domain owner)

  • Quarantine (the message is moved to a quarantine folder) and

  • Reject (the message is not delivered at all).

There are only four attributes found in most DMARC DNS records. These are:

  • v — ‘DMARC1’ for the current DMARC revision. This attribute must appear first.

  • p — Specifies the enforcement level requested by the sender. Allowed values include ‘none’, ‘quarantine’, and ‘reject’. This attribute is required and must be the second attribute in the record.

  • rua — A comma-separated list of URLs for aggregate report delivery. These are typically ‘mailto’ URLs. This attribute is optional.

  • ruf — A comma-separated list of URLs for forensic/failure report delivery. These are typically ‘mailto’ URLs. This attribute is optional.

So a sample DMARC record for example.com might be:

v=DMARC1; p=quarantine; rua=mailto:dmarc_agg@vali.email; ruf=mailto:dmarc-reports@example.com

How to configure а DMARC record

It is possible to define a DMARC policy in a DNS record without first setting up SPF and DKIM, however, without SPF and DKIM set up, DMARC would not be able to do anything.

DMARC policies define how SPF and DKIM records should be handled by email servers. A critically important element of DMARC policy is that it also provides a reporting mechanism so domain administrators can identify if emails are failing or if an attacker is attempting to spoof a given domain.

Just like SPF, DMARC is a simple one-line entry in the domain's DNS records. Log in to your domain registrar and click on the option to manage or configure DNS settings. Find and click the 'Add a New Record' option and choose a 'TXT' record.

Here's a sample DMARC entry for the test domain DMARC site:

v=DMARC1; p=quarantine; rua=mailto:reports@dmarc.site; ruf=mailto:reports@dmarc.site; adkim=r; aspf=r; rf=afrf

Related Articles
Understanding Authentication Records and Configuration Test Results
SPF Record
DKIM record
Did this answer your question?