• Contact Us
  • Pricing
  • Search
  • Register
  • Login
  • DNS Tools
    • MX Records
    • A Records
    • CNAME Record
    • PTR Record
    • SPF/TXT Records
    • NS Records
  • Domain Tools
    • ARIN Records
    • WHOIS Records
  • Blacklists
    • Blacklist Checker
    • Whitelist Checker
    • Email Blacklist Removal Tool
  • Email Tools
  • Port Scans
  • Other Tools
    • IP Tools
      • IP Address Converter
      • IP Address Locator
      • IP Range To CIDR
    • Chrome Extension - Email Deliverability Checker
  • Blog
    • First Time Sender
      • Email Certification
      • Email Throttling
      • IP Warming
    • Formatting Emails
      • For Browsers
      • For Devices
      • For Email Clients
    • How To Avoid
    • How To Set Up
    • Mail Tester Guide
      • Email Headers Explained
      • MX Records, PTR Records, and Reverse PTR Records AKA rDNS
      • RFC Syntax Checking
      • Email Port Checks
      • SPF Record and Alignment
      • DKIM Signatures and Alignment
      • DMARC Checker
      • Mail Tester Test Tool
    • Measuring Peformance
      • Bounces
      • Clickthrough Rates
      • Open Rates
    • Related Resources
    • Rules to Follow
      • Can Spam Act
      • Postmaster Guidelines
  • Member Services
    • Members Area
    • Blacklist Monitoring
    • Complete Monitoring Solution
    • Domain Name Monitoring
    • Feedback Loop Submissions
    • Full Port Scan Monitoring
    • Mail Tester Pro Tool
    • Mail Miner
    • Spam Detector Toolbox
    • Trusted Sender Site Seal

DMARC Record Example

What exactly is a DMARC Record, and how will it help protect me? Give me some Examples.

Backed by some very large corporations, including Google, American Greetings, PayPal, Microsoft and FaceBook, just to name a few _DMARC, or Domain-based Message Authentication, Reporting & Conformance, is an approach at stopping or reducing email spam and phishing attacks.

The DMARC specification is based around existing email authentication using SPF or DKIM. This will effectively allow email senders, when sending email to receivers implementing DMARC, to experience more uniform authentication.

The domain owner publishes the policy and the server that receives the email can check to make sure its valid based on the receiving server policies - just as it would with SPF, however now it is instructed with what to do with any messages that fail to pass authentication. This takes the burden off the receiver from deciding whether the message is legitimate or not and what to do with the message; quarantine, reject, nothing. DMARC also adds a provision for AFRF, or Authentication Failure Reporting Format (RFC 5965) which allows reports to be passed back to the sender containing information about any successes or failures that the receiver may have encountered.

DMARC Record Example

Here's an example of a DMARC record we use at www.unlocktheinbox.com

"v=DMARC1;p=none;pct=100;rua=mailto:email@domain.com;ruf=mailto:email@domain.com;"

You can verify your DNS record exists by simply going to Unlock The Inbox DMARC Record Lookup

The above record means:


Syntax Definition Example
v Protocol Version v=DMARC1
pct Percentage of messages subjected to filtering pct=100
ruf Reporting URI for forensic reports ruf=authfail@unlocktheinbox.com
rua Reporting URI for aggregate reports rua=aggrep@unlocktheinbox.com
p Policy for organizational domain p=quarantine
sp Policy for subdomains of the OD sp=reject
adkim Identifier Alignment mode for DKIM adkim=strict
aspf Identifier Alignment mode for SPF aspf=relaxed

Click this link to learn more about Email Identifier Alignments.

Who will I get DMARC reports from?

You will get DMARC reports from all the different email receivers that has implemented DMARC. The DMARC reports can be parsed for readability, there are a few services that provide this functionality. Although we don't have any way to tell you everyone that has implemented DMARC and the list is ever-growing. We can however share our personal list of email addresses that we received reports from.

  • noreply-dmarc-support@google.com
  • noreply@dmarc.yahoo.com
  • noreply@dmarc-reports.xs4all.net
  • dmarcrep@microsoft.com
  • abuse@163.com
  • abuse@126.com
  • dmarc_support@corp.mail.ru
  • abuse@aol.com
  • dmarc-noreply@linkedin.com
  • postmaster@inteligis.ro
  • reporter@dmarc.andreasschulze.de
  • noc@visp.mx
  • dmarc-noreply@ivenue.com
  • abuse_dmarc@abuse.aol.com
  • report@rosenkeller.org
  • dmarc-report@rosenkeller.org
  • postmaster@junc.org
  • report@dmarc.laussat.info
  • aggregate@dmarc.theartfarm.com
  • postmaster@horizonlinux.org
  • noreply@numeezy.com
  • noreply-dmarc@numeezy.com
  • sun@sunmoonstar.net
  • dmarc-support@alerts.comcast.net
  • abuse@yeah.net
  • postmaster@dmarc.org
  • postmaster@facebookmail.com
  • postmaster@blackops.org
  • postmaster@telesiscomms.com
  • postmaster@web31.iitsp.com
  • dmarc@gcis.biz
  • dmarc@halon.se
  • dmarc@jrschneider.com
  • dmarc@padz.net
  • dmarc@vincenti.com
  • dmarc_reports@thokar.com
  • hostmaster@amfes.com
  • hostmaster@mbrown.co.uk
  • mg@castlehoward.co.uk
  • noreply-dmarc-support@moscow.stalker.com
  • noreply-dmarc-support@opentech.co.jp
  • postmaster@coco.co.uk
  • postmaster@croakingduck.com
  • postmaster@darkblue.co.uk
  • postmaster@freeyournet.com
  • postmaster@kestral.com.au
  • postmaster@llamas.net
  • postmaster@marlesfarm.co.uk
  • postmaster@richmondscientific.com
  • postmaster@spiritofchaos.co.uk
  • postmaster@thesandiegos.com
  • postmaster@visimap.com
  • postmaster@winstanleysbikes.co.uk
  • postmaster@trusteddomain.org
  • report@test.mobileoffice.biz
  • SpamMaster@farley.com
  • SpamMaster@intlbridge.com
  • SpamMaster@myib.com
  • SpamMaster@parcelpool.com

When we get a DMARC report we filter them into a special "DMARC REPORTS" folder to be processed. Other companies built automation features to figure out what places are sending DMARC reports by parsing the attachments. Some companies set their RUA address to companies that will automatically parse and present the data in an easy to read format and graphs. It's up to you to decide how you want to handle your incoming DMARC reports.

Now you’re more likely asking, "How do I set my _DMARC Record up?" That's the easy part.

You can just utilize our free DMARC record generator tool

Generate and test your DMARC Record


The easiest way to do this is to use our DMARC Wizard and fill out the questionnaire. On the bottom of the DMARC Wizard page, after it generates your DMARC Record, there will be instructions on how to add the records to your DNS.

Once the DMARC record is added to your DNS you can send an email to "mailtest@unlocktheinbox.com" and it will return the results letting you know the status of DMARC, SPF, DKIM, Sender ID, and Spam Assassin checks. The dmarc check portion of this tool validates and checks all of the configurations of your  Dmarc Record.

Standard: Domain-based Message Authentication, Reporting and Conformance


Source: Unlock The Inbox & DMARC.org

Copyright © 2018 Unlock The Inbox