DMARC Builder Settings
A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM and tells a receiver what to do if neither of those authentication methods passes, such as quarantine or reject the message. DMARC Protection's DMARC Builder allows you to look up the DMARC policy record for any domain. You can then use the DMARC Builder to either modify or create the text of a valid DMARC record for the domain(s). DMARC Builder also provides information about the DNS provider for the domain and how to get the DMARC record published.
This topic describes all the settings in DMARC Builder. (The Advanced Settings are optional and will default to the recommended settings. It is recommended that you not change these settings).
Setting | Description |
---|---|
Domain(s) | The domain name for which you are creating or modifying a DMARC record. This can be a single domain or a comma separated list of domain names. |
Policy |
The action that a domain owner requests email receivers to take on received messages with their domain in the header From address that fail DMARC. Select:
|
Send Aggregate Data to | The email address where DMARC aggregate data will be sent. DMARC Builder sets Agari's reporting address by default. You can specify another reporting address in addition to Agari's address and both will appear in the DMARC record. DMARC receivers should send reporting data to both addresses. |
Send Forensic Data to |
The email address where DMARC forensic data will be sent. DMARC Builder sets Agari's reporting address by default. You can specify another reporting address in addition to Agari's address and both will appear in the DMARC record. DMARC receivers should send reporting data to both addresses. Warning! Forensic data is a real time flow of messages failing DMARC. Data volumes can be very high and very sporadic. Adding your own reporting address here may cause problems with your local mail server. |
Advanced Settings | |
Report Format | Specifies the format of DMARC forensic reports. While the DMARC specification allows both AFRF and IODEF, currently the only format sent by DMARC receivers is AFRF. |
DKIM identifier alignment |
Defines how sub-domains are handled in DKIM. Select:
|
SPF identifier alignment |
Defines how sub-domains are handled in SPF. Select:
|
Apply to % | This is the percentage of messages from the domain for which the policy will be applied. For example, if you specify a "reject" policy and 50% here, then the reject policy will only be applied to a random 50% of the messages failing DMARC Authentication by the receiver. |
Reporting Interval | The DMARC specification allows you to request DMARC aggregate reports covering different time intervals. In reality all current DMARC implementations only send reports in 24 hour increments. |
Subdomain Policy | By default, a domain's DMARC policy applies to all of its sub-domains. DMARC allows you to apply a different policy to sub-domains if you wish. Whatever sub-domain policy you specify will apply to ALL sub-domains. If you want a different policy for specific sub-domains, publish a DMARC records specifically for those sub-domain. |
Forensic Report Options | You can tell DMARC receivers under which failure conditions you would like to receive forensic reports. Customer Protect will set this to send reports for any SPF or DKIM failure by default. You can change this to send reports only if both SPF and DKIM fail. |