DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, is a protocol that helps protect email domains from being used in email spoofing and phishing attacks. It does this by enabling domain owners to specify which mechanisms (like SPF and DKIM) are used to authenticate their email, how the receiving mail servers should handle mail that doesn’t pass authentication checks, and to provide a way for receiving servers to report back to the domain owner about messages that pass or fail the DMARC evaluation.
Here’s a general breakdown of the record components and tags in DMARC:
v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]
1- “v” stands for the version of DMARC, which is currently version 1
2- Policy: The policy defines how you want receiving email servers to handle emails that fail DMARC checks.
Tags: p=none, p=quarantine, p=reject
- p=none: No specific action is taken, but reports are sent.
- p=quarantine: Emails that fail are marked as suspicious and may end up in the spam/junk folder.
- p=reject: Emails that fail are outright rejected and not delivered.
3- Reporting:
Allows the domain owner to receive reports about the DMARC checks.
Tags: rua, ruf
- rua: Aggregate reports, which provide a summary of DMARC activity.
- ruf: Forensic reports, which provide detailed information about individual emails that fail DMARC checks.
If you want to check a domain’s DMARC record, you can do it Here.
If you need to generate a new one, you can also do that Here.