DMARC records are a concoction of various mechanisms or DMARC tags that communicate specific instructions to email receiving servers during mail transfer. Each of these DMARC tags contains a value that is defined by the domain owner. Today we are going to discuss what are DMARC tags and what each of them stand for.
Here are all the available DMARC tags that a domain owner can specify in their DMARC record:
|DMARC Tag||Type||Default value||What it means|
|v||mandatory||The v tag represents the DMARC protocol version and always has the value v=DMARC1|
|pct||optional||100||This tag represents the percentage of emails to which the policy mode is applicable. Read more about DMARC pct tag|
|p||mandatory||This tag addresses the DMARC policy mode. You can select from reject, quarantine, and none. Learn more about what is DMARC policy to gain clarity on which mode to select for your domain.|
|sp||optional||The policy mode configured for your main domain(p)||Specifying the subdomain policy, the sp tag is configured to define a policy mode for your subdomains. Learn more about DMARC sp tag to understand when you should configure it.|
|rua||Optional but recommended||The rua tag is an optional DMARC tag that specifies the email address or web server wherein reporting organizations are to send their DMARC aggregate rua data.
Example: rua=mailto:[email protected];
|ruf||Optional but recommended||Similarly, the ruf mechanism specifies the address to which the DMARC forensic ruf report is to be sent. Currently, not every reporting organization sends forensic data.
Example: ruf=mailto:[email protected]
|fo||optional||0||The fo tag caters to the available failure/forensic reporting options domain owners can choose from. If you have not enabled ruf for your domain, you can ignore this.
The available options to choose from are:
0: a DMARC failure/forensic report is sent to you if your email fails both SPF and DKIM alignment
1: a DMARC failure/forensic report is sent to your when your email fails either SPF or DKIM alignment
d: a DKIM failure report is sent if the email’s DKIM signature fails validation, regardless of the alignment
s: a SPF failure report is sent if the email fails SPF evaluation, regardless of the alignment.
|aspf||optional||This DMARC tag stands for the SPF alignment mode. The value can be either strict(s) or relaxed(r)|
|adkim||optional||Similarly, the adkim DMARC tag stands for the DKIM alignment mode, the value of which can be either strict(s) or relaxed(r)|
|rf||optional||afrf||The DMARC rf tag specifies the various formats for Forensic reporting.|
|ri||optional||86400||The ri tag addresses the time interval in seconds between two consecutive aggregate reports sent by the reporting organization to the domain owner.|
Sign up today for a free DMARC trial to gain expert advice on how you protect your domain from spoofers.