Knowledge Base

Domain-based Message Authentication, Reporting, and Conformance (DMARC) records are configured as format-specific TXT records and are what define a domain’s email authentication policies. This record type helps shield both email recipients and senders from threats such as email spoofing, phishing, and spam. While not a protocol themselves, DMARC records provide instructions for mail servers on how to interact with communication coming to and from a domain.

A DMARC record looks like this (depending on the tags used for your specific configuration):

v=DMARC2; p=quarantine; ;rua=mailto:info@anexampledomain.com; pct=100

• v= (required): The number after DMARC represents the version you are using.
• p=(required): The value after p= reflects your preferred treatment or policy for messages that fail authentication (none, reject, or quarantine).
• rua=(optional) mailto:info@anexampledomain.com: This section refers to the email that you want aggregate reports delivered to.
• pct=(optional): The percentage of mail messages to be checked for authentication failure.

Other optional tags for DMARC records:

1. ruf=: mailto:forensics@anexampledomain.com: This section refers to the email to which you want forensic reports delivered.
2. sp=: Refers to the subdomain policy (none, reject, or quarantine)
3. adkim=: Represents the alignment mode for DKIM. Options are adkim=s for strict or adkim=r for relaxed.
4. aspf=: This specifies the alignment mode for TXT (SPF), which can be aspf=s for strict or aspf=r for relaxed.

Note: Tags/values should be separated by semicolons in your DMARC configuration.

Common Use Cases for DMARC Records

DMARC records are used as a means of email authentication and are what servers go by to determine whether a DNS message should be quarantined or rejected, or if it is safe for the message to be delivered. You can also enable DMARC records to send reports of the actions taken by mail servers upon policy framework, DomainKeys Identified Mail (DKIM), and DMARC authentication failure.

Including a pct tag allows you to do slow rollouts of DMARC implementations. Specifying a percentage of emails to filter lets domain administrators monitor configurations and check for errors for certain mailstreams. Once satisfied, the percentage can be increased to 100 or the tag can be removed entirely.

Note: There should only be one DMARC record configured per domain.

Prerequisites

• A domain is already added to your Constellix account
• You have imported or created all necessary DNS records (DKIM, TXT (SPF framework), etc.) for your domain
• You have all the information needed for DMARC tags/values and email for reporting, etc.

Note: Visit our tutorials on creating records if you need help with record creation. If you need help adding a domain, we have a guide that walks you through the process.

How to Create DMARC TXT Records in Constellix

1. Log into Constellix and Select Domain

Log into Constellix. Once in the dashboard, select your domain from the Recently Updated Domains list or search for the domain in the top-left search bar.

Note: Options available may vary depending on the current configurations set for your domain.

2. Expand TXT Record Options

After selecting the domain that needs the DMARC TXT record, you will be taken to the Records page. If you have not configured any TXT records for this domain yet, click the green + icon beside TXT Record (SPF) to expand options, otherwise skip to step 3.

3. Add a TXT Record

Once options are expanded, click the green + icon to create your TXT Record (SPF) record.
 

4. Enter DMARC TXT Record Values

You should now see the Add TXT Record pop-up window.

Fill out the values using DMARC-specific formatting:

Note: The example email shown below is for demonstration purposes only and will vary depending on your organization’s policies and needs.

a) Name: In this field, specify that the TXT record contains a DMARC policy by entering _dmarc. 

b) TTL: Time to Live (measured in seconds) determines how long a record is cached in resolvers.

Visit our What is TTL resource for more information and best practices for TTLs.

Note: For DMARC TXT records, we recommend a TTL of 3600 (default in Constellix).

c) Disable Record: With this feature, you are able to remove records from our nameservers without removing the record configuration in the Constellix DNS control panel. See our Disabling a Record tutorial for more information.

d) Value: Add necessary information in this field, including DMARC version (DMARC1), policy tag (p), and rua tag (for email reporting, as noted in the example above). 

Note: TXT records can only contain strings of text that are a maximum of 255 characters. If longer than 255 characters, strings should be broken into parts and enclosed in double quotes (“example text” “example text”).

e) Notes: This section is helpful for adding notes with keywords so that you can easily search for specific records later (optional but recommended).

f) Save: Tap the green Save and Close button.

Note: In order for your DMARC TXT record to take effect, you must review and apply changes.

Visit our website for more information on our services and features.