Email - DMARC (Domain-based Message Authentication)
About
Domain-based Message Authentication, Reporting and Conformance (DMARC) is a DNS text (TXT) record that tells the receiving server what action to take when an email does not pass the email authentication mechanisms:
- DomainKeys Identified Mail (DKIM). (preferred by Gmail)
It wards off email spoofing.
DKIM and SPF should be set up before creating a DMARC DNS record!
DMARC DNS record
The DMARC record is a TXT record with the name _dmarc that contains a series of options called record tags.
The only mandatory tag is v=DMARC1.
For instance, for the most relaxed policy (i.e. the none policy), you could enter the following DNS record:
_dmarc.example.com IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]"
where the options are called record tags and
- p defines the policy
- rua is the email address that receives the reports, i.e. every mail server that gets mail from your domain sends daily reports to [email protected].
- More record-tags
Policy
The policy defines the action taken on messages by the receiving server when they don’t pass the DMARC checks.
| Policy | Description | Report |
|---|---|---|
| none | no action is taken | Yes |
| quarantine | send message to the recipient’s spam or quarantine folder | Yes |
| reject | send a bounce | No |
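
A parser for the record format and policy table described above, as an added example rather than code from the original page. The function name `parse_dmarc`, the sample records and the address reports@example.com are constructed for illustration; the first-tag rule for `v` and the fallback to `p=none` are taken from RFC 7489, not from this page.

```python
# Added example (not from the original page): parse a DMARC TXT record value.
ACTIONS = {  # receiver action per policy, taken from the policy table above
    "none": "no action is taken",
    "quarantine": "send message to the recipient's spam or quarantine folder",
    "reject": "send a bounce",
}

# Constructed sample records; reports@example.com is a placeholder address.
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:reports@example.com",
    "v=DMARC1; p=quarantine;",
    "p=reject; v=DMARC1",  # ignored: v is not the first tag
    "v=DMARC1; rua=mailto:reports@example.com!10m",  # p missing, rua present
]


def parse_dmarc(txt):
    """Return policy, action and report addresses, or None if the record is ignored."""
    tags = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # a trailing ';' is allowed
        # A part without '=' is kept as a valueless tag so positions stay intact.
        name, _, value = part.partition("=")
        tags.append((name.strip().lower(), value.strip()))
    # RFC 7489: v=DMARC1 must be the first tag and match exactly.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    fields = dict(tags[1:])  # unknown tags are simply never looked up
    # rua is a comma-separated list of URIs; keep the mailto: addresses.
    rua = []
    for uri in fields.get("rua", "").split(","):
        uri = uri.strip().split("!")[0]  # drop an optional "!10m" size limit
        if uri.lower().startswith("mailto:") and "@" in uri:
            rua.append(uri[len("mailto:"):])
    policy = fields.get("p", "").lower()
    if policy not in ACTIONS:
        # RFC 7489 section 6.6.3: without a valid p, a record that has a valid
        # rua is treated as p=none; otherwise no DMARC processing is applied.
        if not rua:
            return None
        policy = "none"
    return {"policy": policy, "action": ACTIONS[policy], "rua": rua}


if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", parse_dmarc(record))
```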