Introduction
DMARC records work with SPF and DKIM records to help ensure messages accepted by a server are from a legitimate source. This is done by setting a policy for how recipient servers should handle emails that do not match the DMARC record settings. This article is a basic guide on how to craft a DMARC record by breaking down its components.
$hostname $TTL $class $recordtype "$recordtext"
Please note that DMARC records are "all-for-one" in that they apply to all subdomains for the domain unless a DMARC record exists for that specific subdomain.
Procedure
Please note that in the following procedure, "$domain.tld" must be replaced with the domain name for which the DMARC record will be created.
- The "$hostname" field of the DMARC record must begin with
_dmarc
, even if the record is for a subdomain._dmarc.$domain.tld.
_dmarc.subdomain.$domain.tld.
- "$TTL" is the record's time-to-live value, which should be between
1800
and3600
seconds. - The "$class" field must be
IN
.
Please note that the value of this field is alwaysIN
, and many DNS editors, including cPanel's, omit this field in the UI and automatically add it to the finished record. - The "$recordtype" field must be
TXT
since the DMARC record is a text record. - The "$recordtext" field contains multiple tags, with the "v" and "p" tags being the only required ones.
- The "v" tag is the protocol version, which is currently
DMARC1
.v=DMARC1;
- The "p" tag is the handling policy and may have the value
none
,quarantine
, orreject
.p=quarantine;
- The "pct" tag is the percentage of messages that failed DMARC to apply the handling policy to. It should be set to
100
once all testing of the record has been completed.pct=100;
- The "aspf" tag specifies if the SPF alignment check should be
r
elaxed ors
trict.aspf=r;
- The "adkim" tag specifies if the DKIM alignment check should be
r
elaxed ors
trict.adkim=r
- The "v" tag is the protocol version, which is currently
- Once you determine each field's value, the final record can be assembled.
_dmarc.domain.tld. 3600 IN TXT "v=DMARC1; p=quarantine; pct=100; aspf=r; adkim=r"
Please note that the DMARC record must be placed on the domain's authoritative nameservers.
Additional resources
What is the syntax for SPF records?
How do I verify my SPF records are working?
How to view your SPF and DKIM records in the WHM interface
How to view your SPF and DKIM records in the cPanel interface
Comments
0 comments
Article is closed for comments.