A DMARC record (Domain-based Message Authentication, Reporting and Conformance) is a DNS TXT record that enables a domain owner to publish a policy specifying how receiving mail servers should handle emails that fail SPF and/or DKIM alignment, and to request aggregate (rua) and forensic (ruf) reports on authentication results.
It provides a framework for domain-level email authentication and policy enforcement.
ℹ️ The DMARC button is a wizard to insert a DMARC record for the DNS Zone. DMARC is part of the DKIM email signing infrastructure. You can find a in depth explanation here: https://dmarc.org/overview/
The wizardform contains the following fields:
• Domain: The domain name (zone) is filled in automatically.
• Mail Receiver Policy: How ISPs should handle messages that failed SPF or DKIM (DMARC).
- None: Deliver the Mail.
- Quarantine: Quarantine Mail.
- Reject: Reject Mail.
• Aggregate Data Reporting Address: Email to receive reports from ISPs aboute messages which failed DMARC checks for the domain (separated by whitespaces).
• Forensic Data Reporting Address: Email to receive sample messages that are failing DMARC checks for the domain (separated by whitespaces).
• Forensic reporting options:
- Generate reports if all underlying authentication mechanisms fail to produce a DMARC 'pass' result.
- Generate reports if any mechanisms fail.
- Generate report if DKIM signature failed to verify.
- Generate report if SPF failed.
• DKIM identifier alignment: The option can be set to strict or relaxed, strict requires exact matching between DKIM domain and email's from.
• SPF identifier alignment: The option can be set to strict or relaxed, strict requires exact matching between SPF domain and email's from.
• Report Format: Here you can set the format that shall be used for the DMARC reports that you receive for this domain.
- Authentication Failure Reporting Format.
- Incident Object Description Exchange Format.
• Apply Policy to this Percentage: Messages in percent from the domain you want ISPs to check.
• Reporting Interval: The value is in seconds (default=86400). The time in seconds that aggregate reports should be generate (86400 represents 1 day).
• Subdomain Policy: The options are: same as domain, none, quarantine, reject. (Defaults to same as domain).
• TTL: The time interval (in seconds) that this record may be cached before the source of the information should again be consulted. Zero values are interpreted to mean that the record can only be used for the transaction in progress, and should not be cached.
• Active: This defines whether this DMARC record is active or not.
