DMARC (Domain-based Message Authentication, Reporting & Conformance) defines how an incoming email should be handled depending on the results of the SPF check and the DKIM validation as well as other alignments of addresses and domains.
A DMARC validation checks if an incoming email corresponds to what the recipient knows about the sender. If the DNS zone of the sender's domain contains a DMARC record, the DMARC validation follows the SPF record check and the DKIM validation.
Setting a DMARC Record:
A DMARC record is required to perform DMARC validations (see DMARC Validation) on emails from a domain. You can set a DMARC record for your domain.
1. Create a TXT record with the following name in the DNS zone of your domain. Replace <domain.tld> with your domain.
2. Define the DMARC policy according to the following sample pattern in the TXT record. Replace <email@example.com> with an email address.
Tags in DMARC Records:
DMARC records are made up of tags. The tags of a DMARC record contain specifications for DMARC validations of emails sent from the domain to recipients outside the domain.
The following table provides an overview and explanation of the tags that can be used in DMARC entries. All tags but v and p are optional.
This tag determines which DMARC protocol version is used.
The only possible value for this tag is
This tag determines how to handle an email from the domain in case its DMARC validation fails.
We recommend the value
This tag determines the percentage of emails for which DMARC validations are performed. Possible values for this tag are numbers from 1 to 100.
We recommend the value
This tag determines the email address to which daily aggregate reports about failed DMARC validations are sent.
This tag determines the email address to which forensic reports about single emails for which the DMARC validation has failed are sent.
This tag determines how to handle an email from a subdomain of the domain if the DMARC validation for the email fails.
This tag determines the alignment mode for DKIM signatures. The alignment mode determines the degree of accuracy with which an email must match the DKIM signature in order to be accepted.
This tag determines the alignment mode for the domains in the header from and the envelope from of an email. The alignment mode determines the degree of accuracy with which both domains must match in order for the email to be accepted.