The DMARC record format provides instructions to receiving mail servers that trigger an action when a particular email is delivered. The format contains a set of policies that shape the framework for email sender authentication, policy enforcement, and reporting.
This blog post teaches you about the DMARC record contents, what each field inside the DMARC record signifies, and the recommended DMARC record formatting for domain-level email authentication.
Define a DMARC Record
A DMARC record is a list of tags (or mechanisms) defined within a DNS TXT record. It influences how mail servers process email messages and how they determine whether or not an email originates from where it claims to.
The purpose of this record is to identify the sender’s domain and its reputation. If a receiver believes that an email has been sent by someone who is impersonating the sender, it can quarantine or reject the message. The receiver may send a DMARC report to the sender containing the status of the authentication.
A DMARC record format usually includes the following information about an email message:
- The domain name
- The enforcement mode that receiving SMTP servers should consider while handling the message
- An indicator that the message is authenticated with DKIM or SPF
- An indicator as to whether or not DMARC reporting is enabled for the message in which case supporting ESPs can send authentication data to the requesting domain’s configured email address
What is the correct DMARC Record Format?
The DMARC record format is important because recipients query the DNS to discover records, and a record with an incorrect format may return a permerror result. In some cases it can even lead to a DMARC fail!
It’s pretty easy to go wrong with your DMARC record format. Common mistakes include:
- Excess spaces in your record format
- Missing semicolons
- DMARC policy not enabled
- Missing protocol version
- Redundant DMARC sp tag
DMARC TXT RR Format
The DMARC TXT RR format is a universally supported text field and is specially formatted for use by application-specific data that will be present in the message.
This format is used by SPF and DKIM, as well as DMARC receivers to parse the message.
The format of this text field is:
_dmarc IN TXT "dmarc specific text"
; alternatively [in FQDN]
_dmarc.domain.name. IN TXT "dmarc specific text"
➜ The first component of a DMARC TXT RR is always _dmarc. It could also be in the FQDN form, which is _dmarc.domain.name. This label enables the email receiving domain to discover the presence of DMARC data.
➜ The domain.name value is a string that represents the domain name. It is also calculated by taking the left-most label with a non-zero length provided by the receiving Mail Transfer Agent (MTA) and using it as the name of your domain. For most suffixes, the first label always labels the top-level domain. For example, for .com it will be the first label to the left of .com, whereas for .uk it will be the next two labels to the left of .uk (as .co comes before .uk as well).
DMARC Policy Record Format
DMARC policy record format is a data structure that can be used to specify the DMARC policies for a domain. It is composed of two parts: the header and the body. The header is a unique identifier for the DMARC policy record, and its purpose is to provide context for the data that follows in the body. The body contains the actual data about which policies are being applied, and it includes information about how to interpret each policy’s intended effect.
The format of this text field is:
v=DMARC1; p=reject; rua=mailto:[email protected], mailto:[email protected]; pct=100; adkim=s; aspf=s;
The v and p tags of the DMARC policy record are of utmost importance, without which the policy record would never work. All other remaining tags are optional and can be listed in any order.
➜ The v tag always comes first in the DMARC Record format. The v tag must take the DMARC1 value, specifying the version of the protocol in use.
➜ The p (policy) tag specifies policies for receiving messages. Valid values include none, reject, quarantine, and soft-quarantine.
Some other optional tags include
➜ The rua tag (optional but recommended) – which indicates which mailing list(s) will receive mail directly from this domain name. It can be set to Mailto:, Mail*, or Mail.* (the latter indicating all three lists).
➜ The DMARC pct value (default value: 100) represents the percentage of messages that should be rejected. The adkim tag indicates the DKIM alignment mode, and the aspf tag represents the SPF alignment mode. The r and s values in the adkim and aspf tags stand for relaxed and strict alignment, respectively.
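The formatting mistakes listed earlier and the tag rules in this section can be checked mechanically. The linter below is an added example, not code from this post or from PowerDMARC; the function name lint_dmarc and the sample records (with example.com placeholder addresses) are constructed for illustration, and the policy values it accepts are the three defined in RFC 7489 (none, quarantine, reject).

```python
import re

POLICIES = {"none", "quarantine", "reject"}  # p/sp values defined in RFC 7489

def lint_dmarc(txt):
    """Parse the text of a _dmarc TXT record; return (tags, problems)."""
    tags, order, problems = {}, [], []
    if re.search(r"\s{2,}", txt):
        problems.append("excess spaces")
    parts = [p.strip() for p in txt.strip().split(";")]
    if parts[-1] == "":
        parts.pop()  # a single trailing semicolon is fine
    for part in parts:
        name, sep, value = (s.strip() for s in part.partition("="))
        if not (name and sep and value):
            problems.append(f"malformed tag: {part!r}")
            continue
        if re.search(r"\s\w+=", value):  # next tag ran into this value
            problems.append(f"missing semicolon after {name}=")
            value = value.split()[0]
        tags[name] = value
        order.append(name)
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        problems.append("record must start with v=DMARC1")
    p = tags.get("p")
    if p not in POLICIES:
        problems.append(f"missing or invalid p tag: {p!r}")
    elif p == "none":
        problems.append("p=none: monitoring only, no enforcement")
    if "sp" in tags and tags["sp"] == p:
        problems.append("redundant sp tag (sp defaults to p)")
    pct = tags.get("pct", "100")
    if not (re.fullmatch(r"[0-9]{1,3}", pct) and int(pct) <= 100):
        problems.append(f"pct must be 0-100, got {pct!r}")
    for name in ("adkim", "aspf"):
        if tags.get(name, "r") not in ("r", "s"):
            problems.append(f"{name} must be r or s")
    return tags, problems

# Constructed sample records (example.com addresses are placeholders).
SAMPLES = [
    "v=DMARC1; p=reject; rua=mailto:dmarc-a@example.com, mailto:dmarc-b@example.com; pct=100; adkim=s; aspf=s;",
    "v=DMARC1 p=reject",                      # missing semicolon
    "v=DMARC1; p=quarantine; sp=quarantine",  # redundant sp
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", lint_dmarc(record)[1] or "ok")
```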
Let PowerDMARC Power Up Your Email Reputation via Correct Formatting of Your DMARC Record!
DMARC doesn’t work unless there’s a correct DMARC Record format in place. That’s why it’s so important to make sure that any domain you’ve registered has DMARC records set up in a correct format. You can check the accuracy of your DMARC record format by using our free DMARC Record Checker Tool.