Skip to main content

How to build a DMARC record

Donell Cox
  • Updated

Introduction

This is a basic guide on how to craft a DMARC record for your domain. For more extensive information, reference the dmarc.org site. Below shows the anatomy of a DMARC record in an effort to show what options are available and what to use in crafting a new DMARC record.

We would also like to mention that DMARC records are "all-for-one", in that, they would apply to all emails for the domain. Please use caution when crafting a new record.

Procedure

DMARC works in conjunction with SPF and DKIM to help ensure legitimate email authenticates in the correct manner. This is done by settings a policy on what do so with emails that do match the DMARC record settings.

A sample DMARC record for a test domain: cptest@domain.tld

Raw DMARC TXT record:

_dmarc.domain.tld. 897 IN TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@domain.tld; ruf=mailto:dmarc-reports@bounces.domain.tld"

This record contains the following information:

record name: _dmarc.domain.tld.
Protocal version: (v) - v=DMARC1
Policy: (p) - p=quarantine
Percentage of messages for filtering: (pct) - pct=100
Reporting URI for aggregate reports: (rua) - rua=mailto:dmarc-reports@domain.tld
Reporting URI for forensic reports: (ruf) - ruf=mailto:dmarc-reports@bounces.domain.tld

In the above example, the DMARC records would cause the receiver to quarantine all email messages that are non-aligned with the SPF and/or DKIM record of the domain 100% of the time. And send a report to the two email addresses for analysts.

DMARC has more options that can be used than the above. For a full list, we recommend reviewing the "Anatomy of a DMARC resource record in the DNS" section of the dmarc.org webpage.

https://dmarc.org/overview/

Searching for the domain from this third-party site will show any current settings, as well as more detailed information regarding the DMARC options.

https://dmarcian.com/dmarc-inspector/

The DMARC record needs only be placed on the authoritative DNS servers and is a DNS TXT record.

If your nameservers are on cPanel servers, then you can add the record to the server using the WHM DNS Manager.

Or you can add it as a TXT record on third-party nameservers like Amazon Web Services (AWS).

Related articles