DMARC Record Tags Explanation


DMARC Record Tag Variables

Below is a table of DMARC tags which can be used to configure and customize DMARC records.

tag explanation
v DMARC protocol version.
p Apply this policy to apply to email that fails the DMARC check. Can be “none”, “quarantine”, or “reject”. “none” is used to collect the DMARC report and gain insight into the current email flows and their status.
rua A list of URIs for ISPs to send XML feedback to. NOTE: this is not a list of email addresses. DMARC requires a list of URIs of the form “mailto:test@example.com”.
ruf A list of URIs for ISPs to send forensic reports to. NOTE: this is not a list of email addresses. DMARC requires a list of URIs of the form “mailto:test@example.org”.
rf The reporting format for forensic reports. This can be either “afrf” or “iodef”.
pct The percentage tag instructs ISPs to only apply the DMARC policy to a percentage of failing email’s. “pct=50” will tell receivers to only apply the “p=” policy 50% of the time against emails that fail the DMARC check. NOTE: this will not work for the “none” policy, but only for “quarantine” or “reject” policies.
adkim Specifies the “Alignment Mode” for DKIM signatures, this can be either “r” (Relaxed) or “s” (Strict). In Relaxed mode also authenticated DKIM signing domains (d=) that share an Organizational Domain with an emails ‘From’ domain will pass the DMARC check. In Strict mode an exact match is required.
aspf Specifies the “Alignment Mode” for SPF, this can be either “r” (Relaxed) or “s” (Strict). In Relaxed mode also authenticated SPF domains that share an Organizational Domain with an emails ‘From’ domain will pass the DMARC check. In Strict mode an exact match is required.
sp This policy should be applied to email from a sub-domain of this domain that fails the DMARC check. Using this tag domain owners can publish a “wildcard” policy for all subdomains.
fo Forensic options. Allowed values: “0” to generate reports if both DKIM and SPF fail, “1” to generate reports if either DKIM or SPF fails to produce a DMARC pass result, “d” to generate report if DKIM has failed or “s” if SPF failed.
ri The reporting interval for how often you’d like to receive aggregate XML reports. This is a preference and ISPs could (and most likely will) send the report at different intervals (normally this will be daily).
  • dmarc, email security
  • 3 Users Found This Useful
Was this answer helpful?

Related Articles

Video: Create Email Address in cPanel

This video tutorial demonstrates how to create an email address using cPanel Shared Hosting...

How to Edit Zone File and Setup DNS Forwarding

To perform DNS forwarding, change your zone file, (MX, A-Records & CNAME) using the following...

Update Nameservers for Domains Registered at GoDaddy

After signing up for a hosting account, you will receive a Welcome email containing important...

How to Disable Simplified Account Creation in Outlook 2016

Summary When you configure an Office 365 account in Outlook 2016, you see the...

Guide to Domain EPP Status Codes

EPP Status Codes are used by the Domain Registry to signify the status of a particular domain...