Configuring a DMARC Record for a Domain
Please use the “Print” function at the bottom of the page to create a PDF.
DMARC stands for Domain-Based Message Authentication, Reporting and Conformance. It has been designed to reduce email abuse. This technology is based on the specifications for DKIM (Domain Keys Identified Mail) and SPF (Sender Policy Framework).
A DMARC policy lets you indicate that your emails are protected using the SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) procedures. This policy also lets you specify how the recipient handles emails based on the results of the DKIM and SPF check and notifies you, as the domain owner, of any abuse.
DMARC policies are added in the form of a TXT record. This record is called the DMARC record. It is created with the subdomain name _dmarc (e.g. _dmarc.example.com). The TXT record consists of tags that are separated by semicolons.
Example:
v=DMARC1;p=reject;rua=mailto:postmaster@example.com
Structure of a DMARC Record
The following are the common tags used in DMARC (TXT) records:
NAME OF THE TAG | PURPOSE | EXAMPLE |
---|---|---|
v | Protocol version, the value must be DMARC1. | v=DMARC1 |
p | Policy for this domain. This value determines the action to be performed on suspicious emails. | p=reject |
none: If you specify this value, the recipient is asked not to perform any action. | ||
quarantine: The messages are classified as suspicious by the recipient or marked as spam. | ||
reject: The recipient is instructed to reject emails if they have not passed the DMARC check. | ||
ruf | Email address to which the error reports are sent. | ruf=mailto:postmaster@example.com |
rua | Email address to which the aggregated status reports are sent. | rua=mailto:postmaster@example.com |
sp | Policy for subdomains. | sp=reject |
none: If you specify this value, the recipient is asked not to perform any action. | ||
quarantine: The messages are classified as suspicious by the recipient or marked as spam. | ||
reject: The recipient is instructed to reject emails if they have not passed the DMARC check. | ||
adkim | Defines the settings of the matching mode for DKIM signatures. This value determines how exactly the emails must match the DKIM signatures. Valid values are: | adkim=s |
r stands for relaxed. If this value is specified, any valid subdomain in the DKIM email headers will be accepted. | ||
s stands for strict. The header of the emails must exactly match the value d=name in the DKIM email headers. | ||
aspf | This value determines how closely messages must match the SPF signatures. | aspf=r |
r stands for relaxed. If this value is specified, any valid subdomain is accepted. | ||
s stands for strict. The header of the emails must exactly match the domain name in the SMTP Mail FROM command. |
Example Configurations
This configuration rejects all emails that do not match DKIM and SPF check results. In addition, an aggregated status report will be sent to postmaster@example.com.
v=DMARC1;p=reject;rua=mailto:postmaster@example.com
The configuration in the following example does not reject emails and sends an aggregated status report of all emails that do not match the SPF and DKIM check results for the domain and all subdomains to postmaster@example.com.
v=DMARC1;p=none;rua=mailto:postmaster@example.com
This configuration has no influence on email delivery and is particularly suitable for testing.
The configuration below marks all emails that do not match the results of the DKIM and SPF checks as spam or suspicious. In addition, a report is sent to postmaster@example.com for each error.
v=DMARC1;p=quarantine;ruf=mailto:postmaster@example.com
Configure DMARC Record
You can configure the DMARC (TXT) record in your IONOS account.
Click the desired domain, under Actions, click the Gear icon and then click DNS.
Click ADD RECORD. Under Type, select the entry TXT.
In the field Host name, enter the subdomain name _dmarc.
The subdomain _dmarc.your-domain.com will be automatically created for your TXT record.In the field Value, enter the desired tags, which you can separate by a semicolon (;).
Example: v=DMARC1;p=rejectOptional: Select the desired TTL (Time-To-Live).
Click Save.
Your changes are immediately effective with IONOS. However, it may take up to 1 hour until the changes become effective everywhere. This is due to the decentralized structure of the Domain Name System.
Log In and Add, Edit, or Remove a DMARC RecordAdd, Edit, or Remove a DMARC Record