DMARC Record Generator
GREAT! Your DMARC Record is ready!
Publish the following DNS TXT record on _dmarc.:
DMARC Record
What is DMARC?
DMARC, an acronym for "Domain-based Message Authentication, Reporting, and Conformance," is an email authentication protocol that allows email domain owners to protect their domains against unauthorised use, often known as email spoofing. The major goal of installing DMARC is to prevent a domain from being used in business email compromise attacks, phishing emails, email scams, and other cyber threat activities.
How does DMARC work?
Here’s how DMARC works:
- Alignment with SPF and DKIM: DMARC uses two current email authentication methods: SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail). SPF enables senders to specify which IP addresses are permitted to send mail for a specific domain, whereas DKIM gives an encryption key and digital signature to ensure that an email message was not forged or altered.
- Policy Definition: The domain owner configures a DMARC entry in their DNS records. This DMARC record specifies the rules that the email receiver should follow when dealing with emails claiming to be from that domain. The policy can instruct the recipient to do nothing (none), quarantine the message (mark it as suspect), or reject the message completely.
- Reporting: DMARC also describes how receivers might notify senders when messages pass or fail DMARC review. These reports can help the sender's domain owner gain visibility into the email flow and determine whether and how their domain is being exploited in email attacks.
DMARC Record Syntax
| Tag | Description |
|---|---|
| v (required) | 'v' represents the version of the DMARC policy. It is a required attribute, typically set to 'DMARC1'. |
| p (required) | 'p' stands for the policy to be applied by the receiving domain when DMARC fails, such as 'none', 'quarantine', or 'reject'. This is a required attribute. |
| rua | 'rua' indicates the reporting URI for aggregate reports. This optional attribute specifies the email or URI where aggregate reports should be sent. |
| ruf | 'ruf' specifies the reporting URI for forensic reports. This optional attribute defines the email or URI for sending forensic reports of individual message failures. |
| sp | 'sp' stands for subdomain policy, an optional attribute that specifies the DMARC policy for subdomains of the main domain. |
| adkim | 'adkim' refers to the Alignment Mode for DKIM (DomainKeys Identified Mail). This optional attribute indicates how strictly the domain in the DKIM signature should align with the 'From' domain. |
| aspf | 'aspf' denotes the Alignment Mode for SPF (Sender Policy Framework). This optional attribute indicates the strictness of domain alignment for the SPF check. |
| fo | 'fo' stands for Failure Reporting Options. This optional attribute specifies conditions under which the domain owner wants to receive failure reports. |
| rf | 'rf' represents the format to be used for message-specific failure reports. This optional attribute defines the reporting format, such as 'afrf' or 'iodef'. |
| pct | 'pct' indicates the percentage of messages to which the DMARC policy is to be applied. This optional attribute helps in policy testing and gradual rollout. |
| ri | 'ri' stands for Reporting Interval. This optional attribute defines the interval in seconds for sending aggregate reports. |
