What does a DMARC record look like?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

A DMARC record is a DNS TXT record published at _dmarc.yourdomain.com. Here's a complete monitoring record that most domains should start with:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc@yourdomain.com

And here's a more complete enforcement record:

v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@yourdomain.com; adkim=r; aspf=r

Let's break the common tags down:

v=DMARC1 . Required. Identifies this as a DMARC record. Always first, always exactly this value.

p= . Required. Your policy: none, quarantine, or reject. This is the main decision.

rua= . Where to send aggregate reports (daily XML summaries of authentication results). Without this, you're flying blind. You won't get the data that tells you whether your legitimate mail is passing DMARC. Use a real address, or a DMARC reporting service that processes these for you.

ruf= . Where to send forensic reports (individual failure samples). Optional and increasingly limited by privacy-focused providers.

pct= . What percentage of failing mail the policy applies to. Default is 100. Setting it to something lower (like 25) lets you roll out enforcement gradually. Only applies at p=quarantine or p=reject.

adkim= / aspf= . Alignment mode for DKIM and SPF respectively. r is relaxed (subdomains pass), s is strict (only exact matches pass). Default is relaxed, which is right for most senders.

You can check whether your DMARC record is valid with our free DMARC parser, or generate a new one with our policy guide. For the full tag reference including sp= (subdomain policy) and fo= (failure reporting options), see the DMARC specification. You can also explore how to start implementing DMARC for the recommended progression from monitoring to enforcement.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Get a breakdown of your specific DMARC record and what to change.

I read this on the Email Almanac about what a DMARC record looks like. My current DMARC record is: paste your record. I want to understand [describe e.g., "whether my record is valid" or "what I need to add to get reports" or "what pct= means for my rollout plan"].

Edit the yellow boxes, then send to the AI of your choice.