DMARC records are a concoction of various mechanisms or DMARC tags that communicate specific instructions to email-receiving servers during mail transfer. Each of these DMARC tags contains a value that is defined by the domain owner. Today we are going to discuss what are DMARC tags and what each of them stands for.
Complete List of DMARC Tags
Here are all the available DMARC tags that a domain owner can specify in their DMARC record:
1. DMARC Tag Type: v
What it means: The v tag represents the DMARC protocol version and always has the value v=DMARC1. It is a mandatory DMARC tag.
2. DMARC Tag Type: pct
What it means: This tag represents the percentage of emails to which the policy mode is applicable. Read more about the DMARC pct tag. It’s an optional tag with a default value of 100.
3. DMARC Tag Type: p
What it means: The policy mode configured for your main domain(p). This mandatory tag addresses the DMARC policy mode. You can select from reject, quarantine, and none. Learn more about what is DMARC policy to gain clarity on which mode to select for your domain.
4. DMARC Tag Type: sp
What it means: Specifying the subdomain policy, the sp tag is configured to define a policy mode for your subdomains. Learn more about the DMARC sp tag to understand when you should configure it. It’s an optional tag.
5. DMARC Tag Type: rua
What it means: Optional but recommended. The rua tag is an optional DMARC tag that specifies the email address or web server wherein reporting organizations are to send their DMARC aggregate rua data. Example: rua=mailto:[email protected];
6. DMARC Tag Type: ruf
What it means: Optional but recommended. Similarly, the ruf mechanism specifies the address to which the DMARC forensic ruf report is to be sent. Currently, not every reporting organization sends forensic data. Example: ruf=mailto:[email protected].
7. DMARC Tag Type: fo
The fo tag is an optional tag that caters to the available failure/forensic reporting options domain owners can choose from. If you have not enabled ruf for your domain, you can ignore this.
The available options to choose from are:
0: a DMARC failure/forensic report is sent to you if your email fails both SPF and DKIM alignment (default value)
1: a DMARC failure/forensic report is sent to your when your email fails either SPF or DKIM alignment
d: a DKIM failure report is sent if the email’s DKIM signature fails validation, regardless of the alignment
s: a SPF failure report is sent if the email fails SPF evaluation, regardless of the alignment.
8. DMARC Tag Type: aspf
What it means: This optional DMARC tag stands for the SPF alignment mode. The value can be either strict(s) or relaxed(r)
9. DMARC Tag Type: adkim
What it means: Similarly, the adkim is an optional DMARC tag that stands for the DKIM alignment mode, the value of which can be either strict(s) or relaxed(r)
10. DMARC Tag Type: rf
What it means: This optional DMARC tag with a default value of afrf. The DMARC rf tag specifies the various formats for Forensic reporting.
11. DMARC Tag Type: ri
What it means: This optional DMARC tag has a default value of 86400. The ri tag addresses the time interval in seconds between two consecutive aggregate reports sent by the reporting organization to the domain owner.
Final Words
To create a record for DMARC instantly, use our free DMARC generator tool. Alternatively, if you have an existing record, check its validity by conducting a DMARC lookup.
Sign up today for a free DMARC trial to gain expert advice on how you protect your domain from spoofers.
- DNS Vulnerabilities: Top 5 Threats & Mitigation Strategies - December 24, 2024
- Introducing DNS Timeline and Security Score History - December 10, 2024
- PowerDMARC One-Click Auto DNS Publishing with Entri - December 10, 2024