Add your DMARC record

You define DMARC functionality by entering a DMARC record in your domain’s DNS settings.

After preparing the text of your DMARC record, add or update the DNS TXT record at your domain provider. To update a DNS TXT record, enter the line of text that defines your DMARC policy record in the management console for your domain provider.

Every time you change your DMARC policy and update your record, you must update the DNS TXT record at your domain provider.

Subdomains or additional domains

If you have more than one domain, take the steps below for each domain. Each domain can have a different policy, and different report options (defined in the record).

If you don’t create DMARC policies for subdomains, they inherit the parent domain’s DMARC policy. To define a DMARC policy for subdomains, use the sp policy tag in the DMARC record for the parent domain.

Add or update your record

Do these steps in the management console for your domain host, not in the Admin console. Who is my domain host?

Important: Configure DKIM and SPF before configuring DMARC. DKIM and SPF should be authenticating messages for at least 48 hours before turning on DMARC.

  1. Have the text file or line that represents your policy record ready.
  2. Sign in to the management console for your domain host.
  3.  Locate the page where you update DNS records.
  4. Add a DNS TXT record, or modify an existing record, by entering your record in the TXT record for  _dmarc:
    1. TXT record name: In the first field, under the DNS Host name, enter: _dmarc.solarmora.com
    2. TXT record value: In the second field, enter the text for your DMARC record, for example:

      v=DMARC1; p=none; rua=mailto:dmarc-reports@solarmora.com

      The field names might be different for your provider. DNS TXT record field names can vary slightly from provider to provider. The domain used here is an example domain. Replace solarmora.com with your own domain.

  5. Save your changes. 

DMARC record format

The DMARC record is in the form of a line of plain text. The text is a list of DMARC tags and values, separated by semicolons. Some tags are required and some are optional.

A DMARC policy tells receiving servers what action to take on unauthenticated messages they get from your domain. The action to take is specified with the policy (p) tag when you define your DMARC record.

This is an example of a DMARC policy record. The v and p tags must be listed first, other tags can be in any order:

v=DMARC1; p=reject; rua=mailto:postmaster@solarmora.com, mailto:dmarc@solarmora.com; pct=100; adkim=s; aspf=s

DMARC record tags

Tag Required? Description and values
v

Required

DMARC version. Must be DMARC1.

p

Required

Instructs the receiving mail server what to do with messages that don’t pass authentication.
  • none: Take no action on the message and deliver it to the intended recipient. Log messages in a daily report. The report is sent to the email address specified with the rua option in the record .
  • quarantine: Mark the messages as spam and send it to the recipient's spam folder. Recipients can review spam messages to identify legitimate messages.
  • reject: Reject the message. With this option, the receiving server usually sends a bounce message  to the sending server.
pct Optional

Must be a whole number from 1 to 100. If you don’t use this option in the record, your DMARC policy is applied to 100% of messages sent from your domain.

Specifies the percent of unauthenticated messages are subject to the DMARC policy. When you gradually deploy DMARC, you might start with a small percentage of your messages. As more messages from your domain pass authentication with receiving servers, update your record with a higher percentage, until you reach 100 percent.

Must be a whole number from 1 to 100. If you don’t use this option in the record, your DMARC policy applies to 100% of messages sent from your domain.

rua Optional

Email address to receive reports about DMARC activity for your domain.

The email address must include mailto:. For example: mailto:dmarc-reports@solarmora.com

To send the report to more than one email address, separate emails with a comma.

This option can potentially result in a high volume of report emails. We don’t recommend using your own email address. Instead, consider using a dedicated mailbox, a group, or a third-party service that specializes in DMARC reports.

ruf Not supported Gmail doesn’t support the ruf tag, used to send failure reports. Failure reports are also called forensic reports.
sp Optional Sets the policy for messages from subdomains of your primary domain. Use this option if you want to use a different DMARC policy for your subdomains.
  • none: Take no action on the message and deliver it to the intended recipient. Log messages in a daily report. The report is sent to the email address specified with the rua option in the policy .
  • quarantine: Mark the messages as spam and send it to the recipient's spam folder. Recipients can review spam messages to identify legitimate messages.
  • reject: Reject the message. With this option, the receiving server should send a bounce message  to the sending server

If you don’t use this option in the record, subdomains inherit the DMARC policy set for the parent domain.

adkim Optional Sets the alignment policy for DKIM, which defines how strictly message information must match DKIM signatures. Learn how alignment works.
  • s: Strict alignment. The sender domain name must exactly match the corresponding d=domain in the DKIM mail headers.
  • r: Relaxed alignment (default). Allows partial matches. Any valid subdomain of d=domain in the DKIM mail headers is accepted.
aspf Optional Sets the alignment policy for SPF, which specifies how strictly message information must match SPF signatures. Learn how alignment works.
  • s: Strict alignment. The message From header must exactly match the domain name in the SMTP MAIL FROM command
  • r: Relaxed alignment (default). Allows partial matches. Any valid subdomain of domain name is accepted.
Was this helpful?
How can we improve it?