What is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a standard that prevents spammers from using your domain to send email without your permission — also known as spoofing. If you are new to email authentication, we recommend first reading about DKIM and SPF. In combination with SPF and DKIM, a DMARC policy in DNS allows you to set rules to reject or quarantine emails from sources you do not know or trust. As part of the DMARC spec, ISPs (Gmail, Yahoo, Microsoft and more) who implement DMARC will also generate reports on sending activity for your domain. For further reading, check out our guide on DMARC.
What do these tags mean on my DMARC DNS Record?
|p||Policy for organizational domain||p=none|
|pct||Percentage of messages subjected to filtering||pct=100|
|rua||Reporting URI of aggregate reports||rua=mailto:email@example.com|
|sp||Policy for sub-domains of the organizational domain||sp=none|
|aspf||Alignment mode for SPF||aspf=r|
Can you help me generate a DMARC record?
Yep! Head over to https://dmarc.postmarkapp.com/ and enter in the domain you want to monitor and an email address to receive weekly DMARC reports at. We will then generate a valid DMARC record for you to add to your DNS. Once the DMARC record we create for you is in your DNS we will begin receiving DMARC data for your sending. The following week you can expect to receive your first DMARC Weekly Digest, which will include the aggregate DMARC data in a human readable format for you.
How do I add a DMARC record to my DNS?
Once you have your DMARC record generated, head over to your DNS provider and add it to your DNS as a TXT record. Use _dmarc for the host/name and your DMARC policy for the value.
What if I still want to receive the raw aggregate DMARC reports?
You can include multiple email addresses in the rua tag of your DMARC record, allowing you to receive the raw reports while also using the Postmark DMARC reporting tool. For example, if the Postmark DMARC reporting tool generated this DMARC record:
v=DMARC1; p=none; pct=100; rua=mailto:firstname.lastname@example.org; sp=none; aspf=r;
But you want to still receive the raw DMARC reports at email@example.com, you could modify the DMARC record to be:
v=DMARC1; p=none; pct=100; rua=mailto:firstname.lastname@example.org, mailto:email@example.com; sp=none; aspf=r;
Are there any limitations imposed by this service?
We provide DMARC reports as a free service. As such, there are certain limitations to the service at the moment to help us keep everything running smoothly:
- We will only fully process DMARC reports with less than 100,000 records (DMARC report records are XML nodes that contain aggregated information for a specific IP address). Any report exceeding this limit will be truncated to the first 100,000 items.
- We will store raw reports for up to 9 months. The maximum size of an unarchived DMARC report that we will store is 3MB. For larger reports we will first extract the metadata and make it available to you, and then the reports will be discarded.
- We will store the reports metadata in a form retrievable via the API for up to 9 weeks.