Understand DMARC DNS Record

DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, is a DNS TXT record that can be published for a domain to control what happens if a message fails authentication (i.e., the recipient server can’t verify that the message’s sender is who they say they are). A published DMARC record basically serves two purposes:

Tells the recipient server to either quarantine the message, reject the message, or allow the message to continue delivery
Sends reports to an email address or addresses with data about all the messages seen from the domain

Those two benefits alone drive home the huge value of setting up DMARC!

There are 11 tags in total that can be applied to a DMARC policy. Of those 11, the “v” and “p” tags are required, and we also strongly recommend the “rua” tag in order to receive the reports. Below is a full list of tags that can be added to a DMARC record.

Version (v): The v tag is required and represents the protocol version. An example is v=DMARC1
Policy (p): The required p tag specifies the policy for the domain (the requested handling policy). It directs the receiver to report, quarantine, or reject emails that fail authentication checks. Policy options are: 1) None 2) Quarantine or 3) Reject.
Percentage (pct): This DMARC tag specifies the percentage of email messages subjected to filtering. For example, pct=25 means a quarter of your company’s emails will be filtered by the recipient.
RUA Report Email Address(es) (rua): This optional tag is designed for reporting URI(s) for aggregate data. An rua example is rua=mailto:[email protected]
RUF Report Email Address(es) (ruf): Like the rua tag, the ruf designation is an optional tag. It specifies the addresses to which message-specific forensic information is to be reported (i.e., a comma-separated plain-text list of URIs). An ruf example is ruf=mailto:[email protected]
Forensic Reporting Options (fo): The fo tag pertains to how forensic reports are created and presented to DMARC users.
ASPF Tag (aspf): The aspf tag represents the alignment mode for SPF. An optional tag, aspf=r is a common example of its configuration.
ADKIM Tag (adkim): Similar to aspf, the optional adkim tag is the alignment mode for the DKIM protocol. A sample tag is adkim=r
Report Format (rf): The forensic reporting format(s) are declared by the DMARC rf tag.
Report Interval (ri): The ri tag corresponds to the aggregate reporting interval and provides DMARC feedback for the outlined criteria.
Subdomain Policy (sp): This tag represents the requested handling policy for subdomains.
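As an added example (not from the original page or from MxToolbox), the sketch below lints a DMARC record string against the 11 tags listed above: it flags a missing or invalid v or p tag as an error and a missing rua tag as a warning. The function names parse_dmarc and lint_dmarc and the sample records are constructed for illustration; the checks that v=DMARC1 comes first, that pct is 0 to 100, and that alignment is r or s follow RFC 7489.

```python
KNOWN_TAGS = {"v", "p", "pct", "rua", "ruf", "fo", "aspf", "adkim", "rf", "ri", "sp"}
POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag (no '='): {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def lint_dmarc(record):
    """Return (errors, warnings) for one DMARC record string."""
    errors, warnings = [], []
    try:
        pairs = parse_dmarc(record)
    except ValueError as exc:
        return [str(exc)], warnings
    tags = dict(pairs)
    if len(tags) != len(pairs):
        errors.append("duplicate tag")
    if not pairs or pairs[0] != ("v", "DMARC1"):
        errors.append("record must start with v=DMARC1")
    # p is required; sp is validated only when present.
    for tag, required in (("p", True), ("sp", False)):
        if (required or tag in tags) and tags.get(tag, "").lower() not in POLICIES:
            errors.append(f"{tag} must be none, quarantine or reject")
    for tag in ("aspf", "adkim"):
        if tag in tags and tags[tag].lower() not in {"r", "s"}:
            errors.append(f"{tag} must be r (relaxed) or s (strict)")
    if "pct" in tags and not (tags["pct"].isdecimal() and int(tags["pct"]) <= 100):
        errors.append("pct must be an integer from 0 to 100")
    if "rua" not in tags:
        warnings.append("no rua tag: aggregate reports will not be received")
    for tag in tags:
        if tag not in KNOWN_TAGS:
            warnings.append(f"unknown tag: {tag}")
    return errors, warnings


# Constructed sample records (example.com is a placeholder domain).
GOOD = "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com; aspf=r; adkim=r"
BAD = "p=block; v=DMARC1; pct=250; foo=bar"
```

Running lint_dmarc on the TXT value published at _dmarc.<your domain> before and after a policy change catches typos that would otherwise cause receivers to ignore the record.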

Ref: What is a DMARC Record? – What does it look like? – MxToolbox