What are DMARC record tags?

A typical DMARC record looks like this:

v=DMARC1; p=none; ri=3600; rua=mailto:5b06a240321f1@ag.dmarcly.com; ruf=mailto:5b06a240321f1@fo.dmarcly.com; sp=none; adkim=s; aspf=s; fo=0:1:d:s;

It consists of multiple tags which define how the email service provider (ESP) should behave when it sends the DMARC reports. We will explain each of the tags below.

v is DMARC protocol version. It's DMARC1 by default.

p is the policy. Apply this policy to email that fails the DMARC check. This policy be set to 'none', 'quarantine', or 'reject'. 'none' is used to collect the DMARC report and gain insight into the current emailflows and their status. 'quarantine' is used to quarantine failed emails in SPAM folder of mailbox. 'reject' is used to reject the failed emails downright.

ri is the reporting interval in seconds. It defines how often you'd like to receive aggregate XML reports. This is a preference and ISPs could (and most likely will) send the report on different intervals (normally this will be daily).

rua is a list of URIs for ESPs to send aggregate reports to. NOTE: this is not a list of email addresses. DMARC requires a list of URIs of the form 'mailto:test@example.com'.

ruf is a list of URIs for ESPs to send forensic reports to. NOTE: this is not a list of email addresses. DMARC requires a list of URIs of the form 'mailto:test@example.org'.

sp is the subdomain policy. This policy should be applied to email from a subdomain of this domain that fail the DMARC check. Using this tag domain owners can publish a 'wildcard' policy for all subdomains.

adkim specifies the 'Alignment Mode' for DKIM signatures, this can be either 'r' (Relaxed) or 's' (Strict). In Relaxed mode also authenticated DKIM signing domains (d=) that share a Organizational Domain with an emails From domain will pass the DMARC check. In Strict mode an exact match is required.

aspf specifies the 'Alignment Mode' for SPF, this can be either 'r' (Relaxed) or 's' (Strict). In Relaxed mode also authenticated SPF domains that share a Organizational Domain with an emails From domain will pass the DMARC check. In Strict mode an exact match is required.

fo is forensic options. Allowed values: '0' to generate reports if both DKIM and SPF fail, '1' to generate reports if either DKIM or SPF fails to produce a DMARC pass result, 'd' to generate report if DKIM has failed or 's' if SPF failed.

rf specifies the reporting format for forensic reports.

pct is the percentage tag which instructs ISPs to only apply the DMARC policy to a percentage of failing email's. 'pct = 50' will tell receivers to only apply the 'p = ' policy 50% of the time against email's that fail the DMARC check. NOTE: this will not work for the 'none' policy, but only for 'quarantine' or 'reject' policies.

Do you find this article useful?

 
1
 
0