Hey, what answers do you need?
Chapter
< Contents
Print

How does a DMARC record work?

A DMARC record is a DNS record created by domain owners to facilitate email authentication and protect their domains from email spoofing and phishing attacks. The record contains a set of parameters that define how the domain's email server should authenticate and verify emails sent from that domain. An example of a DMARC record could look like this:

_dmarc.example.com IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; call=mailto:dmarc@example.com; fo=1; adkim=s; aspf=s;"

The parameters used in this example are explained below:

  1. "v": This parameter specifies the DMARC version that is used. Currently, the only version used in practice is version 1 ("v=DMARC1").
  2. "p": This parameter specifies the DMARC policy that determines what should happen to emails that do not comply with the DMARC guidelines. The parameter can be either "none", "quarantine" or "reject". In the example above, the policy is set to "reject", which means that emails that do not comply with the DMARC guidelines are rejected and not delivered.
  3. "rua": This parameter specifies the e-mail address to which DMARC monitoring reports should be sent. DMARC monitoring reports are generated by the recipient's email server and contain information about DMARC checks of emails sent from the domain.
  4. "call": This parameter specifies the email address to which forensics reports should be sent. These reports contain details of DKIM and SPF checks and help domain owners to identify problems with the authentication of emails.
  5. "fo": This parameter specifies which reports the email server should generate. A value of "0" means that no reports should be generated, while a value of "1" means that forensic reports should be generated.
  6. "adkim" and "aspf": These parameters specify which type of alignment check should be performed. The alignment check ensures that the domain in the email header and the domain specified in the DKIM or SPF check match. In the example above, the "adkim" parameter is set to "s" (strict), which means that a strict alignment check is performed. The "aspf" parameter is also set to "s".

The choice of DMARC parameters depends on the security requirements of the domain holder.

Tags: