A DMARC record is where DMARC rule sets are defined. DMARC is a security protocol that prevents fraudulent entities from misusing your domain to send emails. The record informs Internet service providers whether a domain is set up to use DMARC. The DMARC record generator tool KDMARC helps in setting up these records, which contain DMARC policies and should be placed within your DNS.
DMARC tags help email receivers check for DMARC and handle messages that fail DMARC authentication. The following tags are used in the TXT record.
v: This tag identifies the retrieved record as a DMARC record. It must be listed first in the DMARC record, and its value must be DMARC1.
p: The ‘p’ tag indicates the requested policy that mailbox providers should apply when an email fails the DMARC authentication and alignment checks.
With the DMARC record generator and analyser tool KDMARC, these policies can be appropriately set for your email domain. Let’s take a detailed look at these policies.
rua: mailto:address@company.com: This tag allows mailbox providers to know where exactly you want the aggregate reports to be sent. These reports contain higher-level information and help in identifying potential authentication issues or malicious activities that can harm the email domain.
fo: This tag lets the mailbox provider know that you want samples of emails that have failed both SPF and DKIM checks or either one of the two. There are four value options available:
sp: This indicates a requested policy for all subdomains when an email fails the DMARC authentication and alignment checks. This tag is very effective when the domain owner wants to specify different policies for the primary domain and its subdomains. If this tag is not used for subdomains, the policy that has been set using the p tag will apply to the primary domain and its subdomains.
dkim: This tag indicates either a strict or relaxed DKIM identifier alignment. The relaxed alignment is set as default.
spf: It indicates either strict or relaxed SPF identifier alignment. The default alignment is relaxed.
pct: This tag allows the policy to be implemented gradually so that its impact can be tested.
ruf: mailto:address@company.com: It allows mailbox providers to know where you want your forensic reports to be delivered. These reports are detailed and are to be delivered almost immediately once DMARC authentication failure has been detected. However, most of the mailbox providers do not send them due to privacy and performance concerns.
rf: It provides a format for forensic reports.
ri: The ri tag corresponds to the aggregate reporting interval and provides DMARC feedback for outlined criteria. Participating mailbox providers that can send more than one aggregate report in a day will provide more frequent reports.
With the DMARC record generator and analyzer tool KDMARC, organizations can ensure that the DMARC record is properly set up for their email domain, as well as check the DMARC record. This will ensure that any attempt to misuse the domain is effectively prevented.