How to take action on unauthenticated emails sent on behalf of your domain using a DMARC policy

Add your DMARC record

You define Domain-based Message Authentication, Reporting, and Conformance (DMARC) functionality by entering a DMARC record in your domain’s DNS settings.

Subdomains & additional domains

If you have more than one domain, take the steps below for each domain. Each domain can have a different policy, and different report options (defined in the record).

If you don’t create DMARC policies for subdomains, they inherit the parent domain’s DMARC policy. To define a DMARC policy for subdomains, use the sp policy tag in the DMARC record for the parent domain.

Add or update your record


Do these steps in the management console for your domain host, not in the Admin console. 

Important: Configure DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) before configuring DMARC. DKIM and SPF should be authenticating messages for at least 48 hours before turning on DMARC.

  1. Have the text file or line that represents your policy record ready.
  2. Sign in to the management console for your domain host.
  3. Locate the page where you update DNS records.
  4. Add a DNS TXT record, or modify an existing record, by entering your record in the TXT record for _dmarc:
    • TXT record name: In the first field, under the DNS Host name, enter: _dmarc.solarmora.com
      Important: Some domain hosts automatically add the domain name after _dmarc. After you add the TXT record, you can verify the DMARC TXT record name to make sure it's formatted correctly.
    • TXT record value: In the second field, enter the text for your DMARC record, for example:
      v=DMARC1; p=none; rua=mailto:dmarc-reports@solarmora.com
      The field names might be different for your provider; DNS TXT record field names vary slightly from provider to provider.

Save your changes. 

Please note that solarmora.com is an example domain and dmarc-reports@solarmora.com is an example address to which the reports are sent. Replace them with your own domain and the address at which you want to receive the reports.

DMARC record format

The DMARC record is in the form of a line of plain text. The text is a list of DMARC tags and values, separated by semicolons. Some tags are required and some are optional.

A DMARC policy tells receiving servers what action to take on unauthenticated messages they get from your domain. The action to take is specified with the policy (p) tag when you define your DMARC record.

This is an example of a DMARC policy record. The v and p tags must be listed first; other tags can be in any order:

v=DMARC1; p=reject; rua=mailto:postmaster@solarmora.com, mailto:dmarc@solarmora.com; pct=100; adkim=s; aspf=s

DMARC record tags

  • v - DMARC version. Must be DMARC1.

    This tag is required.

  • p - Instructs the receiving mail server on what to do with messages that don’t pass authentication.
    none—Take no action on the message and deliver it to the intended recipient. Log messages in a daily report. The report is sent to the email address specified with the rua option in the record.
    quarantine—Mark the messages as spam and send them to the recipient's spam folder. Recipients can review spam messages to identify legitimate messages.
    reject—Reject the message. With this option, the receiving server usually sends a bounce message to the sending server.

    This tag is required.

  • pct - Specifies the percentage of unauthenticated messages that are subject to the DMARC policy. When you gradually deploy DMARC, you might start with a small percentage of your messages. As more messages from your domain pass authentication with receiving servers, update your record with a higher percentage, until you reach 100 percent.
    Must be a whole number from 1 to 100. If you don’t use this option in the record, your DMARC policy applies to 100% of messages sent from your domain.

    This tag is optional.

  • rua - Email address to receive reports about DMARC activity for your domain.
    The email address must include mailto:. For example: mailto:dmarc-reports@solarmora.com
    To send the report to more than one email address, separate the addresses with a comma.
    This option can potentially result in a high volume of report emails. We don’t recommend using your own email address. Instead, consider using a dedicated mailbox, a group, or a third-party service that specializes in DMARC reports.

    This tag is optional.

  • sp - Sets the policy for messages from subdomains of your primary domain. Use this option if you want to use a different DMARC policy for your subdomains.
    none—Take no action on the message and deliver it to the intended recipient. Log messages in a daily report. The report is sent to the email address specified with the rua option in the policy.
    quarantine—Mark the messages as spam and send them to the recipient's spam folder. Recipients can review spam messages to identify legitimate messages.
    reject—Reject the message. With this option, the receiving server should send a bounce message to the sending server.

    If you don’t use this option in the record, subdomains inherit the DMARC policy set for the parent domain.

    This tag is optional.

  • adkim - Sets the alignment policy for DKIM, which defines how strictly message information must match DKIM signatures.
    s—Strict alignment. The sender domain name must exactly match the corresponding d=domainname in the DKIM mail headers.
    r—Relaxed alignment (default). Allows partial matches. Any valid subdomain of d=domain in the DKIM mail headers is accepted.

    This tag is optional.

  • aspf - Sets the alignment policy for SPF, which specifies how strictly message information must match SPF signatures.
    s—Strict alignment. The message From header must exactly match the domain name in the SMTP MAIL FROM command.
    r—Relaxed alignment (default). Allows partial matches. Any valid subdomain of the domain name is accepted.

    This tag is optional.

    For more information please refer to the link
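
The tag rules above, written as a checker you can run on a record before publishing it. This is an added example, not part of the original article; the function name check_dmarc is an assumption made for illustration, and the sample input is the example record shown earlier on this page.

```python
# Added example: checks a DMARC record against the rules described on this page.
POLICIES = {"none", "quarantine", "reject"}

def check_dmarc(record):
    """Return (effective_settings, problems) for one DMARC TXT record value."""
    pairs, problems = [], []
    for part in record.split(";"):
        name, sep, value = part.strip().partition("=")
        if not part.strip():
            continue  # tolerate a trailing semicolon
        if not sep:
            problems.append(f"malformed tag: {part.strip()!r}")
            continue
        pairs.append((name.strip().lower(), value.strip()))
    names = [n for n, _ in pairs]
    tags = dict(pairs)
    if len(tags) != len(pairs):
        problems.append("a tag appears more than once")
    # v and p must be listed first; other tags can be in any order.
    if names[:1] != ["v"] or tags.get("v") != "DMARC1":
        problems.append("record must start with v=DMARC1")
    if names[1:2] != ["p"]:
        problems.append("p must directly follow v")
    for tag in ("p", "sp"):
        if tag in tags and tags[tag].lower() not in POLICIES:
            problems.append(f"{tag} must be none, quarantine or reject")
    for tag in ("adkim", "aspf"):
        if tag in tags and tags[tag].lower() not in ("s", "r"):
            problems.append(f"{tag} must be s or r")
    pct = tags.get("pct", "100")  # default: policy applies to 100% of messages
    if not (pct.isdecimal() and 1 <= int(pct) <= 100):
        problems.append("pct must be a whole number from 1 to 100")
    rua = [a.strip() for a in tags.get("rua", "").split(",") if a.strip()]
    for addr in rua:
        if not addr.lower().startswith("mailto:"):
            problems.append(f"rua address lacks mailto: prefix: {addr}")
    policy = tags.get("p", "").lower()
    effective = {
        "p": policy,
        "sp": tags.get("sp", policy).lower(),  # subdomains inherit p
        "pct": pct,
        "rua": rua,
        "adkim": tags.get("adkim", "r").lower(),  # relaxed is the default
        "aspf": tags.get("aspf", "r").lower(),
    }
    return effective, problems

# Constructed sample: the example record from this page.
SAMPLE = ("v=DMARC1; p=reject; rua=mailto:postmaster@solarmora.com, "
          "mailto:dmarc@solarmora.com; pct=100; adkim=s; aspf=s")
```

An empty problems list means the record follows the rules on this page; the effective settings show what receivers apply once the defaults for omitted tags are filled in.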