DMARC (Domain-based Message Authentication, Reporting, and Conformance) records are a set of rules that help protect your email domain from being used for spam or phishing. These rules are stored in a special format that can be read by email servers. Let’s break down what these rules mean in simple terms.


Each rule in a DMARC record is represented by a ‘tag’. Here are some of the main ones:

  • adkim and aspf: These tags tell the email server whether to use ‘strict’ or ‘relaxed’ mode when checking the email. ‘Strict’ mode means the email must exactly match the domain it claims to be from. ‘Relaxed’ mode means the email just needs to be from the same organization. For example, emails from and would both pass in ‘relaxed’ mode.
  • fo: This tag tells the email server when to send a report if an email fails the DMARC check. For example, it can be set to send a report only if all checks fail (0), or if any check fails (1).
  • p: This tag tells the email server what to do with emails that fail the DMARC check. The options are ‘none’ (do nothing), ‘quarantine’ (treat the email as suspicious), or ‘reject’ (don’t accept the email).
  • pct: This tag tells the email server what percentage of emails to apply the DMARC policy to. This allows you to gradually roll out DMARC by starting with a small percentage and increasing it over time.
  • rf: This tag tells the email server what format to use for failure reports. The default is ‘afrf’, which stands for Authentication Failure Reporting Format.
  • ri: This tag tells the email server how often to send aggregate reports. The default is 86400 seconds (one day).
  • rua and ruf: These tags tell the email server where to send reports about the DMARC checks. The reports can be sent to any valid email address.
  • sp: This tag tells the email server what policy to apply to subdomains. If this tag is not present, the policy specified by the ‘p’ tag is applied to subdomains.
  • v: This tag identifies the record as a DMARC record. It must be the first tag in the list and must have the value ‘DMARC1’.

Remember, this is a simplified explanation. In reality, DMARC involves a lot of complex processes and technologies. But hopefully, this gives you a basic understanding of what a DMARC record is and how it works.

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *