DMARC Record

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a protocol that builds on top of SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to provide email domain owners with control over how their email is authenticated and how failed authentication attempts should be handled.

A DMARC record is a DNS (Domain Name System) record that specifies the email authentication policy for a domain. It tells email receiving servers how to handle emails that claim to be from the domain but fail authentication checks (SPF, DKIM). Additionally, it provides instructions on how to report these failures back to the domain owner.

Here’s an example of how a DMARC record might look:

_dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1"

In this example:

  • _dmarc.example.com. is the domain for which the DMARC policy is being set.
  • IN TXT specifies the class of the record (Internet) and the record type (TXT).
  • "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1" is the DMARC policy.

Explanation of DMARC policy components:

  • v=DMARC1: Indicates the version of DMARC being used.
  • p=reject: Specifies the policy action to be taken if an email fails DMARC authentication. In this case, it’s set to “reject”, meaning that emails failing authentication should be rejected by the recipient’s mail server.
  • rua=mailto:[email protected]: Specifies an email address to which aggregate DMARC reports should be sent. These reports provide information about the email traffic claiming to be from the domain.
  • ruf=mailto:[email protected]: Specifies an email address to which forensic DMARC reports should be sent. These reports provide detailed information about individual email authentication failures.
  • fo=1: Specifies the format for the failure reports. In this case, it’s set to “1”, which requests that only failed authentication results are included in the reports.

DMARC records are crucial for email security and domain reputation management, as they help prevent email spoofing and phishing attacks while allowing domain owners to monitor and improve their email authentication practices.


Discover more from

Subscribe to get the latest posts to your email.

Leave a Reply

Select your currency
ZAR South African rand

Discover more from

Subscribe now to keep reading and get access to the full archive.

Continue reading

Scroll to Top