What is a DMARC Record?

As a mission-driven company, dmarcian is focused on spreading the adoption of DMARC. Because of this, we interface with a wide range of people with varying degrees of knowledge. We thought we’d take a step back and take a look at something fundamental: What is a DMARC record?

The DMARC record exists as part of your DNS record. So let’s start there.

DNS Records

DNS stands for Domain Name System, and DNS records route traffic on the internet—a database that maps human-friendly URLs to IP addresses, which are the strings of numbers identifying a unique destination online. For example, when you enter dmarcian.com into a web browser and hit enter, it is the DNS record that routes you to the IP address (###.###.###.###) where the website “exists.”

Additional information, or records, can be included in the DNS record, including the DMARC record. A DMARC record is a text entry within the DNS record that tells the world your email domain’s policy when it comes to checking to see if your SPF and/or DKIM has passed or failed.

A DMARC record also tells the servers that touch your email on its way to its final destination to send XML reports back to the reporting email address listed in the DMARC record. These reports provide insight on how your email is moving through the ecosystem and allow you to identify everything that is using your email domain.

More information on publishing DMARC records can be found here.

The DMARC Record

An example of a DMARC DNS TXT Record

v=” indicates this is a DMARC record 

p=” indicates the DMARC policy 

rua=” indicates where data should be sent 

RUA is reporting that provides an aggregate view of all of a domain’s traffic. The other option is RUF reports that are redacted forensic copies of the individual emails that are not 100% compliant with DMARC. While RUA reports show the traffic of the email, RUF reports contain snippets from the actual emails themselves. While RUA reporting is all that is needed for DMARC deployment, more advanced users may also add the RUF tag, which will send more sensitive information.

These reports are in Extensible Markup Language (XML), which isn’t easy to read:

There are tools that can translate these XML files into a human-friendly format. Services like dmarcian’s, where the RUA reports can be pointed to, automatically process the reports and give you insight via a powerful dashboard to make identifying the valid uses of your email domain easier while disallowing abuse. A dmarcian account will store past reports so you can observe trends and be alerted when new threats arise.

You can find more information about getting started with DMARC here.

Want to continue the conversation? Head over to the dmarcian Forum