DMARC is a TXT record in domain settings, which determines the behavior of recipient servers when receiving messages sent from domain mailboxes.
DMARC uses SPF and DKIM, so the first thing you need to do is:
DMARC recording added in domain settings in this form:
Subdomain | A type | Data |
---|---|---|
_dmarc | TXT | v=DMARC1; p=none; rua=mailto:admin@example.com |
Options:
v
- the DMARC version. Required parameter The value is always equal DMARC1
.p
- domain rule. Required parameter It can take one of the following values:none
- do nothing except send reports.quarantine
- add emails to spam.reject
- reject letters.sp
- rule for subdomains. Can take on the same values as p
.aspf
and adkim
- allow you to check compliance with SPF and DKIM records. Can take values:r
(relaxed) - soft check.s
(strict) - strict compliance.pct
- the number of letters to be filtered, in percent. For example, for pct=20
only 20% of emails will be checked.rua
- defines the mail to which you want to send daily reports. You can specify multiple mailboxes separated by commas, for example, rua=mailto:admin@example.com,mailto:dmarc@example.com
.ruf
- defines the mail to which you want to send reports on messages that have not passed DMARC check. It is set by analogy with rua
.fo
- defines the conditions for generating reports. Can take values:0
- send a report if neither SPF nor DKIM authentication is passed. Default value.1
- send a report if one of the SPF or DKIM authentication failed.d
- send a report if DKIM authentication is not passed.s
- send a report if SPF authentication is not passed.You can use the online DMARC generators to avoid having to manually create a record.
The correctness of the finished record can be checked using the online DMARC validators
What does a DMARC record look like in domain settings: