DNS DMARC Record

A DNS DMARC record is a TXT record that helps authenticate email and tells receiving servers what to do with messages that fail, in order to prevent attacks such as email spoofing and phishing.

What is a DNS DMARC Record?

In the realm of DNS (Domain Name System), DMARC stands for Domain-based Message Authentication, Reporting and Conformance. A DMARC policy is published as a TXT record at the _dmarc subdomain of the sending domain (for example, _dmarc.example.com). It informs incoming or receiving email servers what they should do after checking SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), and where to send reports about the results.

DMARC records essentially tell receivers how to act on the outcome of the SPF and DKIM checks. A message passes DMARC when at least one of the two checks passes and the domain it authenticated is aligned with the domain in the visible From: header, the address the user actually sees. For example, if an attacker tries to send a phishing email with a forged From: address at a specific domain, the attacker's server is not listed in that domain's SPF record and the message carries no valid DKIM signature for that domain, so the receiving email server records a result of "fail". The DMARC record of the domain the attacker was trying to spoof then contains the policy for what should happen to a message after it fails: it could be delivered anyway, marked as spam, or rejected altogether. The same record names the addresses that receive DMARC reports, so the domain owner also learns that the spoofing attempt took place.

DMARC record tags

A DMARC record is made up of tag-value pairs separated by semicolons. The tag is the type or category and the value is what the domain owner has specified. So for example, the p tag stands for policy and its value could be "quarantine", asking receivers to quarantine messages that fail. Here is a list of the tag-value pairs that may appear in a DMARC record:

Tag | Required? | Description | Example
v (version) | Yes | Version of the DMARC protocol. Must be the first tag; the only defined value is DMARC1 | v=DMARC1
p (policy) | Yes | The handling policy requested for messages from the domain that fail DMARC | p=none / p=quarantine / p=reject
pct (percentage) | No | The percentage of failing messages that should be subjected to the specified policy (default 100). Lets a domain phase in quarantine or reject gradually | p=quarantine; pct=25
rua (aggregate report addresses) | No | Specifies where to send aggregate DMARC reports (periodic summaries of authentication results), as one or more mailto: URIs | rua=mailto:dmarc-reports@domain.com
ruf (forensic report addresses) | No | Specifies where to send forensic (per-message failure) DMARC reports, as one or more mailto: URIs | ruf=mailto:dmarcforensics@domain.com
fo (forensic reporting options) | No | Specifies when forensic reports are generated (default 0). Values can be combined with a colon, e.g. fo=1:d | fo=0 (both SPF and DKIM failed to produce an aligned pass) / fo=1 (either SPF or DKIM failed) / fo=d (DKIM signature failed) / fo=s (SPF check failed)
aspf | No | Specifies the alignment mode for SPF (default relaxed) | aspf=s (strict) / aspf=r (relaxed)
adkim | No | Specifies the alignment mode for DKIM (default relaxed) | adkim=s (strict) / adkim=r (relaxed)
rf (report format) | No | The format requested for forensic reports; afrf is the only defined value | rf=afrf (Authentication Failure Reporting Format)
ri (report interval) | No | Requested number of seconds between aggregate reports (default 86400, i.e. one day) | ri=86400
sp (subdomain policy) | No | Handling policy for subdomains of the domain; defaults to the value of p | p=quarantine; sp=reject
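The following is an added example, not Micetro's or the page's own code: a small validating parser for the tag-value format in the table above, which also applies the defaults a receiver assumes for absent tags. The record strings and the example.com addresses are constructed for the example, and the validation rules it enforces are the ones from the table (v first and equal to DMARC1, p required, pct in 0..100, r/s alignment modes, mailto: report URIs).

```python
# Added example (not the page's or Micetro's code): parse and validate a
# DMARC TXT record. Record strings and example.com addresses are constructed.

# Tags defined for DMARC and the default a receiver assumes when the tag is
# absent (None = no default; 'sp' defaults to the value of 'p').
TAG_DEFAULTS = {
    "v": None, "p": None, "sp": None, "pct": "100", "rua": None, "ruf": None,
    "fo": "0", "aspf": "r", "adkim": "r", "rf": "afrf", "ri": "86400",
}
POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt: str) -> dict:
    """Split a DMARC TXT record into a tag -> value dict.

    Raises ValueError for the mistakes that make a receiver treat the domain
    as having no usable DMARC record: wrong version or tag order, missing or
    invalid p, bad sp, pct outside 0..100, bad alignment modes, report URIs
    that are not mailto: URIs.
    """
    record = {}
    for field in txt.split(";"):        # tags are separated by ';'
        field = field.strip()           # whitespace around tags is ignored
        if not field:
            continue                    # tolerate a trailing ';'
        if "=" not in field:
            raise ValueError(f"malformed tag-value pair: {field!r}")
        tag, value = (part.strip() for part in field.split("=", 1))
        if tag in record:
            raise ValueError(f"duplicate tag: {tag}")
        record[tag] = value

    # v must be the first tag and must be exactly DMARC1.
    if not record or next(iter(record)) != "v" or record["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if record.get("p") not in POLICIES:
        raise ValueError("p is required and must be none, quarantine or reject")
    if "sp" in record and record["sp"] not in POLICIES:
        raise ValueError("sp must be none, quarantine or reject")
    pct = record.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        raise ValueError("pct must be an integer from 0 to 100")
    if not record.get("ri", "86400").isdigit():
        raise ValueError("ri must be a number of seconds")
    for tag in ("aspf", "adkim"):
        if record.get(tag, "r") not in ("r", "s"):
            raise ValueError(f"{tag} must be r (relaxed) or s (strict)")
    for tag in ("rua", "ruf"):
        for uri in record.get(tag, "").split(","):
            uri = uri.strip()
            if uri and not uri.startswith("mailto:"):
                raise ValueError(f"{tag} must contain mailto: URIs, got {uri!r}")
    return record


def effective_settings(record: dict) -> dict:
    """Apply the defaults to a parsed record, drop unknown tags (receivers
    ignore them, but they usually mean a typo) and convert numeric tags."""
    settings = {}
    for tag, default in TAG_DEFAULTS.items():
        value = record.get(tag, default)
        if value is not None:
            settings[tag] = value
    settings.setdefault("sp", settings["p"])    # no sp: subdomains inherit p
    settings["pct"] = int(settings["pct"])
    settings["ri"] = int(settings["ri"])
    settings["fo"] = settings["fo"].split(":")  # fo options can be combined, e.g. fo=1:d
    settings["unknown_tags"] = sorted(set(record) - set(TAG_DEFAULTS))
    return settings


if __name__ == "__main__":
    # Constructed record, as it would appear in the TXT data of _dmarc.example.com
    txt = ("v=DMARC1; p=quarantine; sp=reject; pct=25; "
           "rua=mailto:dmarc-reports@example.com; "
           "ruf=mailto:dmarc-forensics@example.com; fo=1:d; adkim=s")
    print(effective_settings(parse_dmarc(txt)))
    # Common publishing mistakes that receivers silently treat as "no record"
    for bad in ("p=reject; v=DMARC1", "v=DMARC1; p=block", "v=DMARC1; p=none; pct=150"):
        try:
            parse_dmarc(bad)
        except ValueError as err:
            print(f"rejected {bad!r}: {err}")
```

The parser is deliberately strict about tag order and the p tag because receivers are: a record that fails these checks is not "partly applied", it is ignored, and the domain is left with no DMARC protection at all.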

DNS DMARC record policies

There are three policies that may be specified. They apply to messages that fail the DMARC check, that is, messages for which neither SPF nor DKIM produced a pass that is aligned with the From: domain. The record expresses the domain owner's request; the receiving server makes the final decision.

  1. None - no action is taken and the message is delivered normally; the domain owner only receives reports. This is the usual starting point when rolling out DMARC.
  2. Quarantine - the message is treated as suspicious and is usually delivered to the spam or junk folder, or set aside wherever the email security solution specifies
  3. Reject - the message is refused outright, normally during the SMTP transaction, and is not delivered to the recipient
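As an added example (not the page's or Micetro's code), here is how a receiving server turns the SPF and DKIM results for one message into a DMARC pass/fail and then into one of the three dispositions above, including the alignment modes, the sp subdomain policy and pct sampling. The settings dict, the message results and the example.com / example.net domains are constructed for the example. The organizational-domain helper is an assumption of the example: it keeps the last two labels, whereas real receivers consult the Public Suffix List.

```python
# Added example (not the page's or Micetro's code): apply a DMARC policy to
# the authentication results of one message. All inputs are constructed.
import random


def org_domain(domain: str) -> str:
    """Organizational domain of a name. Real receivers use the Public Suffix
    List; this example (an assumption) keeps the last two labels, which is
    right for example.com but wrong for names under e.g. co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment between the domain SPF or DKIM authenticated and
    the domain in the visible From: header. Strict ('s') needs an exact
    match; relaxed ('r') only needs the same organizational domain."""
    auth = auth_domain.lower().rstrip(".")
    frm = from_domain.lower().rstrip(".")
    return auth == frm if mode == "s" else org_domain(auth) == org_domain(frm)


def dmarc_disposition(settings, from_domain, spf, dkim_sigs, sample=None):
    """Return (dmarc_pass, disposition) for one message.

    settings:  effective DMARC settings of the record that was found, plus
               'domain' = the name the record was published under.
    spf:       (MAIL FROM domain, result), e.g. ("bounce.example.com", "pass")
    dkim_sigs: list of (d= domain, result); a message may carry several.
    sample:    a 0..99 draw used for pct sampling (random when None).
    """
    spf_domain, spf_result = spf
    spf_aligned_pass = (spf_result == "pass"
                        and aligned(spf_domain, from_domain, settings["aspf"]))
    dkim_aligned_pass = any(
        result == "pass" and aligned(d, from_domain, settings["adkim"])
        for d, result in dkim_sigs
    )
    # DMARC passes if either mechanism produced an aligned pass.
    if spf_aligned_pass or dkim_aligned_pass:
        return True, "none"

    # Failed: 'sp' applies when the record was found at the organizational
    # domain but the From: domain is one of its subdomains, otherwise 'p'.
    is_subdomain = (from_domain.lower().rstrip(".")
                    != settings["domain"].lower().rstrip("."))
    policy = settings["sp"] if is_subdomain else settings["p"]

    # pct sampling: messages outside the sample get the next milder action
    # (reject -> quarantine, quarantine -> none), which is how a domain owner
    # ramps up enforcement gradually.
    draw = random.randrange(100) if sample is None else sample
    if draw >= settings["pct"]:
        policy = {"reject": "quarantine", "quarantine": "none"}.get(policy, "none")
    return False, policy


if __name__ == "__main__":
    # Constructed settings, as produced from "v=DMARC1; p=quarantine; sp=reject; adkim=s"
    settings = {"domain": "example.com", "p": "quarantine", "sp": "reject",
                "pct": 100, "aspf": "r", "adkim": "s"}
    # Legitimate bulk mail: SPF passes for a subdomain; relaxed alignment accepts it.
    print(dmarc_disposition(settings, "example.com", ("bounce.example.com", "pass"), []))
    # Spoof: the attacker's own domain passes SPF and DKIM, but nothing aligns with From:.
    print(dmarc_disposition(settings, "example.com", ("mx.example.net", "pass"),
                            [("example.net", "pass")]))
    # The same spoof against a subdomain of example.com: sp=reject applies.
    print(dmarc_disposition(settings, "hr.example.com", ("mx.example.net", "pass"), []))
```

The spoof case is the point of the whole mechanism: the attacker's message can pass SPF and DKIM for example.net perfectly well, but because neither authenticated domain aligns with the From: domain example.com, the message fails DMARC and example.com's policy decides its fate.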

Create DNS DMARC record

Creating a DMARC record depends on the DNS management software you're using. If you're using Micetro, you may do the following to create it:

  1. Open the Micetro web UI
  2. Click on DNS
  3. Double-click on the zone for which you'd like to create a DMARC record
  4. Click Create
  5. Enter the record name _dmarc (the record must live at _dmarc.<zone>, which is where receivers look for it)
  6. Select TXT as the record type
  7. Enter a TTL
  8. Enter the record text according to the table above, starting with v=DMARC1 followed by the p tag
  9. Click Create Now or Add to Request depending on your permissions

Once the change is live, query the TXT record for _dmarc.<zone> from outside your network and confirm that exactly one record comes back and that it begins with v=DMARC1. If the name returns more than one DMARC record, or the text is malformed, receivers treat the domain as having no DMARC policy at all.