Prolateral Consulting Ltd
Prolateral Consulting Ltd
Support
Support
Knowledgebase Articles
Help
Setup examples
Support

Prolateral offers primary and backup domain (DNS) services, with servers in key geographic locations providing the best service possible.

What is a "DMARC" record?

Problem

What is a "DMARC" record?

Solution

A Domain-based Message Authentication, Reporting, and Conformance record, or DMARC Record, is used to publish in DNS a policy that details what happens if a email from that domain fails verification.

Below is an example of a DMARC record.

Craig owns the domain example.com. He already has published a SPF record detailing what email servers are allowed to send emails on behalf of his domain name.  He now wants to add a DMARC policy to detail the domain can send emails, but no subdomain can, and also set up a feedback mailbox for forensic reports on messages that fail against the DMARC policy.

He adds the following TXT record to his DNS domain zone file

_dmarc.example.com. TXT "v=DMARC1; p=quarantine; sp=reject; rua=mailto:dmarc-rua@example.com; ruf=mailto:dmarc-ruf@example.com; aspf=s; fo=1;"

The breakdown of that record is as follows

v=DMARC1 This indicates the version of DMARC being used, which is currently version 1.
p=quarantine This specifies the policy for handling messages that fail authentication checks. In this example, the policy is set to "quarantine", which means that any messages that fail SPF and/or DKIM checks will be isolated, typcially in the spam folder or spam quarantine.
sp=reject This specifies the policy for handling messages that come from subdomains of the domain. In this example, the policy is set to "reject", which means that any messages that fail SPF and/or DKIM checks will be rejected by the receiving email server and not delivered to the recipient.
rua=mailto:dmarc-rua@example.com This specifies an email address where the receiving email server should send aggregate DMARC reports. These reports provide information on how many messages passed and failed DMARC checks, along with other details.
ruf=mailto:dmarc-ruf@example.com This specifies an email address where the receiving email server should send forensic DMARC reports. These reports contain detailed information about the specific message that failed DMARC checks, including message headers and other technical information.
aspf=s This specifies the alignment mode for SPF. In this example, the mode is set to "Strict"
fo=1 Forensic Reporting Options pertains to how forensic reports are created and presented to DMARC users. In this example, Generate a DMARC failure report if any underlying authentication mechanism (SPF or DKIM) produced something other than an aligned “pass” result.

 

Related Articles

User Rating: 4 / 5   

like it, love it, then share it. Share this article on social media.

Did you enjoy this article?

Disclaimer

The Origin of this information may be internal or external to Prolateral Consulting Ltd. Prolateral makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Prolateral makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.