DMARC Tags: An Overview
DMARC records consist of a set of mechanisms, known as DMARC tags, that convey specific instructions to email-receiving servers during the mail transfer process. Each DMARC tag has a value defined by the domain owner. Below is a breakdown of the available DMARC tags:
DMARC Tags Table
DMARC Tag | Type | Default Value | Description |
---|---|---|---|
v | Mandatory | | Specifies the DMARC protocol version. Always set to v=DMARC1. |
pct | Optional | 100 | Indicates the percentage of emails to which the policy is applicable. |
p | Mandatory | | Sets the DMARC policy mode: reject, quarantine, or none. |
sp | Optional | | Defines a policy mode for subdomains, if different from the main domain. |
rua | Optional, Recommended | | Specifies where to send DMARC aggregate reports. Example: rua=mailto:[email protected]. |
ruf | Optional, Recommended | | Specifies where to send DMARC forensic reports. Example: ruf=mailto:[email protected]. |
fo | Optional | 0 | Defines the conditions under which forensic reports are generated. |
aspf | Optional | | Sets the SPF alignment mode: strict (s) or relaxed (r). |
adkim | Optional | | Sets the DKIM alignment mode: strict (s) or relaxed (r). |
rf | Optional | afrf | Specifies the formats for forensic reporting. |
ri | Optional | 86400 | Sets the time interval between aggregate reports. |
DMARC Aggregate (RUA) Reports
What Are They?
DMARC RUA Aggregate Reports provide a comprehensive view of your email ecosystem, including the sending source, domain, sender’s IP, email volume, DMARC compliance percentage, and SPF/DKIM authentication results.
Frequency
These reports are generated daily and can be simplified into a readable format using tools like PowerDMARC.
Contents
- Reporting organization details
- Published DMARC DNS record description
- DKIM/SPF authentication results summary
DMARC Forensic (RUF) Reports
What Are They?
DMARC Forensic Reports are generated when emails from your domain fail DMARC authentication. These reports are crucial for identifying domain spoofing and brand impersonation attempts.
How to Receive Them
To receive these reports, modify your DMARC record to include a RUF tag, like ruf=mailto:[email protected].
Note
DMARC Forensic Reports may contain sensitive information. It’s advisable to encrypt these reports with a private key.
Why Some Don’t Receive Forensic Reports
If you haven’t received any, it could be because not all receivers support them, or it could indicate that your emails are 100% DMARC compliant.
How to Create and Publish a DMARC Record
- Generate Record: Use an online DMARC record generator tool.
- Publish Record: Add the generated record to your domain’s DNS.
- Check Record: Use a DMARC record lookup tool to verify.
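One way to carry out the "Check Record" step offline, as an added example (not code from the original page or from any tool it names): a small Python checker that parses a record, fills in the defaults from the tag table, and lists problems. The function names and the example.com sample records are constructed for illustration, and the rule that v must be the first tag comes from RFC 7489 rather than from this page.

```python
# Added example, not the page's own code: check a DMARC record against the tag table.
DEFAULTS = {"pct": "100", "fo": "0", "rf": "afrf", "ri": "86400"}  # defaults from the table
POLICIES, MODES = {"none", "quarantine", "reject"}, {"r", "s"}
ALLOWED = {"p": POLICIES, "sp": POLICIES, "aspf": MODES, "adkim": MODES}
KNOWN = {"v", "pct", "p", "sp", "rua", "ruf", "fo", "aspf", "adkim", "rf", "ri"}

def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a list of (tag, value) pairs, in order."""
    pairs = []
    for part in filter(None, (p.strip() for p in record.split(";"))):
        tag, _, value = part.partition("=")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def check_dmarc(record):
    """Return (effective_tags, problems); effective_tags has the table defaults filled in."""
    pairs, problems, tags = parse_dmarc(record), [], dict(DEFAULTS)
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("v=DMARC1 missing or not the first tag")
    explicit = set()
    for tag, value in pairs:
        if tag not in KNOWN:
            problems.append(f"unknown tag: {tag}")
        elif tag in explicit:
            problems.append(f"duplicate tag: {tag}")
        elif not value:
            problems.append(f"empty value: {tag}")
        else:
            tags[tag] = value
        explicit.add(tag)
    for tag, allowed in ALLOWED.items():  # p is mandatory; sp, aspf, adkim are optional
        if (tag == "p" or tag in tags) and tags.get(tag, "").lower() not in allowed:
            problems.append(f"{tag} must be one of {sorted(allowed)}")
    if not (tags["pct"].isdecimal() and int(tags["pct"]) <= 100):
        problems.append("pct must be an integer from 0 to 100")
    if not tags["ri"].isdecimal():
        problems.append("ri must be a whole number of seconds")
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            if uri.strip() and not uri.strip().lower().startswith("mailto:"):
                problems.append(f"{tag} address is not a mailto: URI: {uri.strip()}")
    if tags.get("p", "").lower() == "none" and "rua" not in tags:
        problems.append("p=none without rua: monitoring mode but no aggregate reports")
    return tags, problems

# Constructed sample records; the example.com addresses are placeholders.
GOOD = "v=DMARC1; p=quarantine; rua=mailto:dmarc-rua@example.com; adkim=s"
BAD = "p=none; v=DMARC1; pct=150; aspf=strict; ruf=forensics@example.com"
```

Calling `check_dmarc(BAD)` reports the misplaced v tag, the out-of-range pct, the spelled-out alignment mode, the ruf address without `mailto:`, and the monitoring policy that has no rua destination.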
DMARC Authentication Failures
Common Reasons
- Domain misalignment
- Incorrect alignment modes
- Absence of DKIM signature
- Missing authorized sending sources in DNS
- Email forwarding issues
- Domain spoofing
How to Fix
- Monitor: Start with a none policy and monitor your domain with DMARC Aggregate Reports.
- Enforce Policy: Shift to an enforced policy to gain immunity against spoofing.
- Identify Threats: Use Threat Intelligence to identify and take down malicious IPs.
- Enable Forensic Reports: To get detailed information on DMARC failures.
By understanding and implementing DMARC tags and reports, you significantly enhance your email security posture and improve your email deliverability rates. This ensures that your legitimate emails reach the intended recipients, boosting your brand’s credibility and trustworthiness. If you found this information valuable, check out Part 1 of this DMARC series for more insights.