How to Create DMARC Records

DMARC records are used in combination with SPF and DKIM records to tell a receiving server what to do when it receives mail from an unverified server.

DMARC records also help identify your server as a legitimate mail server, so they should be set up for every domain that you plan to send mail from.

Creating the record

DMARC records are created the same way as any other type of DNS record. Open the DNS zone file editor of your choice based on your setup, add or change the DMARC record, then save the changes.

The basics of the record are as follows:

Name: _dmarc
TTL: 3600
Type: TXT
TXT data: See below

For the TXT data, use one of the following option sets depending on the behavior you would like to see.

Do nothing with SPF/DKIM failures: "v=DMARC1; p=none; sp=none; rf=afrf; pct=100; ri=86400"
Reject SPF/DKIM failures: "v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400"
Quarantine SPF/DKIM failures: "v=DMARC1; p=quarantine; sp=none; rf=afrf; pct=100; ri=86400"

If you would like to receive a notification on a failed DMARC validation, you can add an e-mail address to the record as well.

"v=DMARC1; p=none; sp=none; ruf=mailto:user@example.com; rf=afrf; pct=100; ri=86400"

To add the e-mail notification, insert ruf=mailto:user@example.com; into the record. It works with reject and quarantine as well as the do nothing option. Make sure to change the address to your own.
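
A linter for the record strings above, as an added example that is not part of the original page: it parses the tag=value pairs and flags settings worth reviewing before publishing, such as sp=none next to p=reject, which leaves subdomains outside the domain policy. The function names are hypothetical; the rua tag and the rule that sp falls back to p when absent come from RFC 7489, not from this page.

```python
# Added example: lint a DMARC TXT value built from the tags used on this page.
POLICIES = ("none", "quarantine", "reject")  # ordered weakest to strictest


def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value)."""
    pairs = []
    for part in txt.strip().strip('"').split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a tag=value pair: {part.strip()!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def lint_dmarc(txt):
    """Return a list of findings; an empty list means nothing was flagged."""
    pairs = parse_dmarc(txt)
    tags = dict(pairs)
    findings = []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        findings.append("v=DMARC1 must be the first tag")
    p = tags.get("p", "").lower()
    if p not in POLICIES:
        return findings + [f"p must be one of {POLICIES}, got {p!r}"]
    sp = tags.get("sp", p).lower()  # assumption from RFC 7489: sp falls back to p
    if sp not in POLICIES:
        findings.append(f"sp must be one of {POLICIES}, got {sp!r}")
    elif POLICIES.index(sp) < POLICIES.index(p):
        findings.append(f"sp={sp} is weaker than p={p}: subdomains are not held to the domain policy")
    pct = tags.get("pct", "100")
    if not pct.isdecimal() or int(pct) > 100:
        findings.append(f"pct must be an integer from 0 to 100, got {pct!r}")
    ruf = [u.strip() for u in tags.get("ruf", "").split(",") if u.strip()]
    for uri in ruf:
        if not uri.lower().startswith("mailto:") or "@" not in uri:
            findings.append(f"ruf target is not a mailto: address: {uri!r}")
    if p == "none" and not ruf and "rua" not in tags:
        findings.append("p=none with no report address: failures are neither acted on nor reported")
    return findings


if __name__ == "__main__":
    # The page's reject record: flags sp=none alongside p=reject.
    for finding in lint_dmarc('"v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400"'):
        print(finding)
```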