You define DMARC functionality by entering a DMARC record in your domain’s DNS settings.
After preparing the text of your DMARC record, add or update the DNS TXT record at your domain provider. To update a DNS TXT record, enter the line of text that defines your DMARC policy record in the management console for your domain provider.
Every time you change your DMARC policy and update your record, you must update the DNS TXT record at your domain provider.
Subdomains or additional domains
If you have more than one domain, take the steps below for each domain. Each domain can have a different policy, and different report options (defined in the record).
If you don’t create DMARC policies for subdomains, they inherit the parent domain’s DMARC policy. To define a DMARC policy for subdomains, use the sp policy tag in the DMARC record for the parent domain.
Add or update your record
Do these steps in the management console for your domain host, not in the Admin console. Who is my domain host?
Important: Configure DKIM and SPF before configuring DMARC. DKIM and SPF should be authenticating messages for at least 48 hours before turning on DMARC.
- Have the text file or line that represents your policy record ready.
- Sign in to the management console for your domain host.
- Locate the page where you update DNS records.
- Add a DNS TXT record, or modify an existing record, by entering your record in the TXT record for _dmarc:
- TXT record name: In the first field, under the DNS Host name, enter: _dmarc.solarmora.com
- TXT record value: In the second field, enter the text for your DMARC record, for example:
v=DMARC1; p=none; rua=mailto:firstname.lastname@example.org
The field names might be different for your provider. DNS TXT record field names can vary slightly from provider to provider. The domain used here is an example domain. Replace solarmora.com with your own domain.
- Save your changes.
DMARC record format
The DMARC record is in the form of a line of plain text. The text is a list of DMARC tags and values, separated by semicolons. Some tags are required and some are optional.
A DMARC policy tells receiving servers what action to take on unauthenticated messages they get from your domain. The action to take is specified with the policy (p) tag when you define your DMARC record.
This is an example of a DMARC policy record. The v and p tags must be listed first, other tags can be in any order:
v=DMARC1; p=reject; rua=mailto:email@example.com, mailto:firstname.lastname@example.org; pct=100; adkim=s; aspf=s
|Tag||Required?||Description and values|
DMARC version. Must be DMARC1.
|Instructs the receiving mail server what to do with messages that don’t pass authentication.
Must be a whole number from 1 to 100. If you don’t use this option in the record, your DMARC policy is applied to 100% of messages sent from your domain.
Specifies the percent of unauthenticated messages are subject to the DMARC policy. When you gradually deploy DMARC, you might start with a small percentage of your messages. As more messages from your domain pass authentication with receiving servers, update your record with a higher percentage, until you reach 100 percent.
Must be a whole number from 1 to 100. If you don’t use this option in the record, your DMARC policy applies to 100% of messages sent from your domain.
Email address to receive reports about DMARC activity for your domain.
The email address must include mailto:. For example:
To send the report to more than one email address, separate emails with a comma.
This option can potentially result in a high volume of report emails. We don’t recommend using your own email address. Instead, consider using a dedicated mailbox, a group, or a third-party service that specializes in DMARC reports.
|ruf||Not supported||Gmail doesn’t support the ruf tag, used to send failure reports. Failure reports are also called forensic reports.|
|sp||Optional||Sets the policy for messages from subdomains of your primary domain. Use this option if you want to use a different DMARC policy for your subdomains.
If you don’t use this option in the record, subdomains inherit the DMARC policy set for the parent domain.
|adkim||Optional||Sets the alignment policy for DKIM, which defines how strictly message information must match DKIM signatures. Learn how alignment works.
|aspf||Optional||Sets the alignment policy for SPF, which specifies how strictly message information must match SPF signatures. Learn how alignment works.