Implement DMARC to build trust in your domain and protect against email spoofing and unauthorized use of your domain in email messages.
_dmarc
.
By preventing spoofing, a domain can build trust with mailbox providers, as it allows them to verify that emails are authorized to send on behalf of that domain.
An email must pass either SPF or DKIM checks (but not necessarily both) to achieve DMARC compliance and be considered authenticated. A message fails DMARC if both SPF and DKIM fail on the message.
_dmarc
RecordName | Type | Value |
---|---|---|
_dmarc.example.com | TXT | v=DMARC1; p=none; rua=mailto:dmarcreports@yourdomain.com; |
v
- Version:
This is the version of DMARCp
- Policy:
This is telling the inbox how to process messages that fail DMARC. Options are none
, quarantine
, reject
. It’s a best practice to use quarantine
or reject
, but you should only do it once you know your messages are delivering and fully passing DMARC.rua
- Reporting URI of Aggregate:
Provide a valid address that can receive email. The address can be a different domain than the one on which you set the DMARC policy. The aggregate report comes as an email with a .xml
file attached that shares the IP sources of your messages and if they passed SPF or DKIM.p=none;
before moving to a stricter policy.
dmarc=pass
.
p=quarantine;
. This policy gives mailbox providers greater confidence in your domain since your domain only allows authenticated email.
Policy | Value |
---|---|
p=none; | Allow all email. Monitoring for DMARC failures. |
p=quarantine; | Send messages that fail DMARC to the spam folder |
p=reject; | Bounce delivery of emails that fail DMARC. |
p=quarantine;
or p=reject;
you can explore setting up BIMI, which can provide established brands even greater sending credibility by displaying a logo as an avatar in an email client.
pct
and ruf
parameters, they are
not widely followed by mailbox providers. These settings may not be respected
or followed.Parameter | Purpose | Example |
---|---|---|
v | Protocol version | v=DMARC1 |
pct | Percentage of messages subjected to filtering | pct=20 |
ruf | Reporting URI for forensic reports | ruf=mailto:authfail@example.com |
rua | Reporting URI of aggregate reports | rua=mailto:aggrep@example.com |
p | Policy for organizational domain | p=quarantine |
sp | Policy for subdomains of the OD | sp=reject |
adkim | Alignment mode for DKIM | adkim=s |
aspf | Alignment mode for SPF | aspf=r |