DMARC tags

DMARC records are a concoction of various mechanisms or DMARC tags that communicate specific instructions to email receiving servers during mail transfer. Each of these DMARC tags contains a value that is defined by the domain owner. Today we are going to discuss what are DMARC tags and what each of them stand for. 

Types of DMARC Tags

Here are all the available DMARC tags that a domain owner can specify in their DMARC record:

DMARC Tag Type Default value What it means
v mandatory The v tag represents the DMARC protocol version and always has the value v=DMARC1 
pct optional 100 This tag represents the percentage of emails to which the policy mode is applicable. Read more about DMARC pct tag
p mandatory This tag addresses the DMARC policy mode. You can select from reject, quarantine, and none. Learn more about what is DMARC policy to gain clarity on which mode to select for your domain. 
sp optional The policy mode configured for your main domain(p) Specifying the subdomain policy, the sp tag is configured to define a policy mode for your subdomains. Learn more about DMARC sp tag to understand when you should configure it. 
rua Optional but recommended The rua tag is an optional DMARC tag that specifies the email address or web server wherein reporting organizations are to send their DMARC aggregate rua data

Example: rua=mailto:[email protected];

ruf Optional but recommended Similarly, the ruf mechanism specifies the address to which the DMARC forensic ruf report is to be sent. Currently, not every reporting organization sends forensic data. 

Example: ruf=mailto:[email protected]

fo optional 0 The fo tag caters to the available failure/forensic reporting options domain owners can choose from. If you have not enabled ruf for your domain, you can ignore this. 

The available options to choose from are: 

0:  a DMARC failure/forensic report is sent to you if your email fails both SPF and DKIM alignment

1:  a DMARC failure/forensic report is sent to your when your email fails either SPF or DKIM alignment

d: a DKIM failure report is sent if the email’s DKIM signature fails validation, regardless of the alignment

s: a SPF failure report is sent if the email fails SPF evaluation, regardless of the alignment.

aspf optional This DMARC tag stands for the SPF alignment mode. The value can be either strict(s) or relaxed(r)
adkim optional Similarly, the adkim DMARC tag stands for the DKIM alignment mode, the value of which can be either strict(s) or relaxed(r) 
rf optional afrf The DMARC rf tag specifies the various formats for Forensic reporting.
ri optional 86400 The ri tag addresses the time interval in seconds between two consecutive aggregate reports sent by the reporting organization to the domain owner.

To create a record for DMARC instantly, use our free DMARC generator tool. Alternatively, if you have an existing record, check its validity by conducting a DMARC lookup

Sign up today for a free DMARC trial to gain expert advice on how you protect your domain from spoofers.