Knowledgebase
emscom > emscom Help Desk > Knowledgebase

Search help:


DMARC cheat sheet

Solution

DMARC Record Cheet Sheet

TXT Record Naming

hostname : _dmarc.contoso.com

 

DMARC Policy Values

none : use for report only

quarantine : messages failing dmarc should be quarantined

reject: messages failing dmarc should be rejected

 

tag

valueexplanation
V DMARC1 DMARC protocol version.
p none Apply this policy to email that fails the DMARC check. This policy be set to 'none', 'quarantine', or 'reject'. 'none' is used to collect the DMARC report and gain insight into the current emailflows and their status.
rua mailto:hostmaster@contoso.com A list of URIs for ISPs to send XML feedback to. NOTE: this is not a list of email addresses. DMARC requires a list of URIs of the form 'mailto:test@example.com'.
ruf   A list of URIs for ISPs to send forensic reports to. NOTE: this is not a list of email addresses. DMARC requires a list of URIs of the form 'mailto:test@example.org'.
fo  

Forensic options. Allowed values: '0' to generate reports if both DKIM and SPF fail, '1' to generate reports if either DKIM or SPF fails to produce a DMARC pass result, 'd' to generate report if DKIM has failed or 's' if SPF failed.

----

 

tagvalueexplanation
rf afrf The reporting format for forensic reports. This can be either 'afrf' or 'iodef'.
pct 100 The percentage tag instructs ISPs to only apply the DMARC policy to a percentage of failing email's. 'pct = 50' will tell receivers to only apply the 'p = ' policy 50% of the time against email's that fail the DMARC check. NOTE: this will not work for the 'none' policy, but only for 'quarantine' or 'reject' policies.
adkim r Specifies the 'Alignment Mode' for DKIM signatures, this can be either 'r' (Relaxed) or 's' (Strict). In Relaxed mode also authenticated DKIM signing domains (d=) that share a Organizational Domain with an emails From domain will pass the DMARC check. In Strict mode an exact match is required.
aspf r Specifies the 'Alignment Mode' for SPF, this can be either 'r' (Relaxed) or 's' (Strict). In Relaxed mode also authenticated SPF domains that share a Organizational Domain with an emails From domain will pass the DMARC check. In Strict mode an exact match is required.
sp p=value This policy should be applied to email from a sub-domain of this domain that fail the DMARC check. Using this tag domain owners can publish a 'wildcard' policy for all subdomains.
ri 86400 The reporting interval for how often you'd like to receive aggregate XML reports. This is a preference and ISPs could (and most likely will) send the report on different intervals (normally this will be daily).

---

 

 

 

 
Was this article helpful? yes / no
Related articles spf, dkim and dmarc records
Article details
Article ID: 146
Category: Networking
Date added: 04-05-2021 11:11:11
Views: 293
Rating (Votes): Article not rated yet (0)

 
« Go back

 
Powered by Help Desk Software HESK, in partnership with SysAid Technologies