Chat +1-888-563-5277 [email protected]

What are DMARC Tags: DMARC Tags Explained

DMARC is a technology that reduces the number of spam and phishing emails by exchanging information between the addresser and the recipient. The recipient provides information about the mail authentication infrastructure. And the sender tells what to do if the message fails verification. We’ll learn DMARC tags in our article.

How DMARC Works?

DMARC is designed to integrate with minimal effort into any mailing process. Moreover, it helps determine if the message matches what the recipient knows about the sender. Or, more simply: can this sender be trusted? If yes, the subscriber receives the message, if not, the DMARC policy for unauthenticated messages is triggered. So, this is how the full cycle of sending and receiving email messages looks like with the DMARC policy enabled.

The benefits of DMARC can hardly be overestimated. Thence, DMARC allows you to completely eliminate unwanted fraudulent traffic for the sender, delivering only authenticated messages to the recipient.

What-are-DMARC-Tags- DMARC-Tags-Explained

However, with a large number of mailings from a domain, there is a high probability that the rating of your domain and your letters will decrease to the point that all sent letters will end up in spam and won’t reach the recipients. In order to successfully pass sender authentication and spam verification, three domain text records must be configured: SPF / DKIM / DMARC. Accordingly, you can check the availability of all these types of records for your domain using this link.

DMARC Syntax and Tag Descriptions: DMARC tags

All DMARC tags are divided into optional and required tags. Let’s start with the mandatory ones.

Required tags

p – policy for receiving messages. Determines the policy for receiving messages for the domain and subdomains.

Accepted values:

None – no action is required.

Quarantine – the domain possessor asks that failed DMARC messages are suspicious. Thus the messages will end up in the spam folder, be flagged as dubious.

Reject – the owner is requesting that messages failed DMARC verification be rejected. Moreover, the rejection must be done during an SMTP transaction.

v – must take the value DMARC1. Otherwise, the entry will be ignored.

Optional tags

adkim – DKIM record authentication check. It can take the value “r” – relaxed or “s” – strict. The default is “r”.

If the DKIM record being verified belongs to the domain d =, and the message is sent from [email protected], the verification will pass. In the strict case, the check will be passed only if the sending comes from an address on the domain. That’s why subdomains will not pass validation.

aspf – SPF record authentication check. By analogy with adkim, it can be “r” – relaxed or “s” – strict. Consequently, the default is “r”.

fo – error reporting settings. The default is “0”.

“Pct” is responsible for the number of emails to be filtered, indicated as a percentage, for example, “pct = 20” will filter 20% of emails.

Optional DMARC tags

rf – format for bug reports. The default is afrf.

ri – the interval between sending aggregated reports (in seconds).

rua – addresses for sending aggregated reports, separated by commas. It is possible to specify mailto: links for sending reports by mail.

ruf – addresses to submit bug reports, separated by commas. So specifying this tag implies that the owner requires recipient servers to send detailed reports on every message that fails DMARC validation.

“fo” – generates reports if one of the mechanisms breaks. “Fo = 0” (used by default) – send a report if no authentication stage has been passed, “Fo = 1” – send a report if at least one stage of authentication hasn’t been passed, “Fo = d” – send a report if DKIM authentication isn’t passed, “Fo = s” – if SPF authentication isn’t passed. Thus, to set up DMARC, go to your hosting control panel and add a TXT DNS record to the settings. Simply fight spam, phishing and unwanted mail.

Now as you have a general understanding of DMARC tags, you can use our DMARC Record Generator tool to create and/or update your DMARC Record.


Salesforce SPF & DKIM Authentication

Our informative post will help you find out how you can set up Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures on your Salesforce email to eliminate spam from your domain and increase security. SPF records allow receiving servers to check whether an email...

Read More

How to Set Up SPF and DKIM for SendGrid

Domain Authentication shows providers (Google, Outlook, Yahoo!, etc.) that Sendgrid has your permission to send emails on your domain's behalf. Without proper authentication, Sendgrid manages your mail stream, thus your recipients see the “via” message in their mailbox. To authorize SendGrid to send emails...

Read More

SPF, DKIM, DMARC Setup Guide for Google Workspace (Formerly G Suite)

Our informative post will help you find out how you can setup Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures and Domain-based Message Authentication, Reporting, and Conformance (DMARC) on your Google Workspace (formerly G Suite) email to eliminate spam from your domain and...

Read More