DMARC Look Like
DMARC is a standard for delivering email with the headers “DMARC:” and “X-Forwarded-For”; it is applied at the same point as ADSP, where a recipient can request that their emails be delivered to a particular address. Once DMARC policies are in place, they are published in the DNS as text resource records. The DMARC policies tell email recipients what to do with non-aligned mail. The default action for non-aligned messages is to reject them and send an aggregated report. However, in some cases quarantine may be used instead of DMARC.
5.7.5 permanent error evaluating dmarc policy
DMARC records should include 11 tags, including “v” and “p”. The “v” tag demonstrates that the domain has a policy requiring the receiver to report, quarantine, or reject emails that fail authentication checks. The “pct” tag specifies the percentage of email messages that should be rejected or quarantined. DMARC also allows sending reports to more than one destination. A DMARC record may contain other values as well.
DMARC records consist of several tags with optional values. In addition to the v=tag, the p=tag must have an optional value of “quarantine”. This value should be set to “none” if a mailer service does not support it. rua=report-email-address is the mailbox where the DMARC reports are sent. If the domain does not offer this service, then the email will not be delivered at all.
What Should DMARC Look Like?
The DMARC specification has two main alignment modes: rigid and relaxed. R-DMARC uses a relaxed alignment mode, while s-DMARC requires a strict match. DMARC is designed to scale to the size of an organization. Moreover, the specification has built-in throttling techniques for organizations that cannot afford large-scale DMARC deployment. In short, DMARC can help protect the reputation of email service providers while minimizing the risk of spam emails.
To add DMARC to your domain, you need to add DMARC public keys to your DNS zone. Often, email sending organizations will provide these keys to their clients. These keys will be placed into your domain’s DNS zone as TXT records. These records should contain DMARC public keys, which are used for verification. The TXT records will also contain your email policies. Be sure to add the subdomain portion of your hostname into the Name field.
DMARC records must be verified by your email server to be effective. The DMARC policy will let your recipients know when a DMARC check fails. It should also provide the recipient with reports of DMARC tests. Domain owners will need to include SPF or DKIM records or both. Receiving servers will check these records to ensure that they are authenticated. It is important that you use DMARC if you want your email system to work smoothly.