DMARC Builder Settings

A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM and tells a receiver what to do if neither of those authentication methods passes, such as quarantining or rejecting the message. DMARC Protection's DMARC Builder allows you to look up the DMARC policy record for any domain. You can then use the DMARC Builder to either modify or create the text of a valid DMARC record for the domain(s). DMARC Builder also provides information about the DNS provider for the domain and how to get the DMARC record published.

This topic describes all the settings in DMARC Builder. The Advanced Settings are optional and default to the recommended settings; it is recommended that you not change them.

Setting Description
Domain(s)

The domain name for which you are creating or modifying a DMARC record. This can be a single domain or a comma-separated list of domain names.

Policy

The action that a domain owner requests email receivers to take on received messages with their domain in the header From address that fail DMARC. Select:

  • None: This tells a receiver to take no special action on messages that fail DMARC, but to send DMARC data to the reporting addresses specified in the domain’s DMARC record. Note: This is the recommended policy to choose in this step.
  • Quarantine: This requests that receivers place messages which fail DMARC in the recipient’s spam folder or other quarantined area where the message may be reviewed with suspicion.
  • Reject: This requests that receivers reject any messages which fail DMARC and report on the action in DMARC data. Rejected messages will never be available to the recipient.

Send Aggregate Data to

The email address where DMARC aggregate data will be sent. DMARC Builder sets Agari's reporting address by default. You can specify another reporting address in addition to Agari's address and both will appear in the DMARC record. DMARC receivers should send reporting data to both addresses.

Send Forensic Data to

The email address where DMARC forensic data will be sent. DMARC Builder sets Agari's reporting address by default. You can specify another reporting address in addition to Agari's address and both will appear in the DMARC record. DMARC receivers should send reporting data to both addresses.

Warning! Forensic data is a real-time flow of messages failing DMARC. Data volumes can be very high and very sporadic. Adding your own reporting address here may cause problems with your local mail server.

Advanced Settings

Report Format

Specifies the format of DMARC forensic reports. While the DMARC specification allows both AFRF and IODEF, currently the only format sent by DMARC receivers is AFRF.

DKIM identifier alignment

Defines how sub-domains are handled in DKIM. Select:

  • Relaxed: to allow the DKIM signing domain and header From domain to be sub-domains of each other.
  • Strict: to require the DKIM signing domain and header From domain be an exact match.

SPF identifier alignment

Defines how sub-domains are handled in SPF. Select:

  • Relaxed: to allow the MailFrom domain and header From domain to be sub-domains of each other.
  • Strict: to require the MailFrom domain and header From domain be an exact match.

Apply to %

This is the percentage of messages from the domain for which the policy will be applied. For example, if you specify a "reject" policy and 50% here, then the reject policy will only be applied to a random 50% of the messages failing DMARC Authentication by the receiver.

Reporting Interval

The DMARC specification allows you to request DMARC aggregate reports covering different time intervals. In reality, all current DMARC implementations send reports only in 24-hour increments.

Subdomain Policy

By default, a domain's DMARC policy applies to all of its sub-domains. DMARC allows you to apply a different policy to sub-domains if you wish. Whatever sub-domain policy you specify will apply to ALL sub-domains. If you want a different policy for specific sub-domains, publish a DMARC record specifically for each of those sub-domains.

Forensic Report Options

You can tell DMARC receivers under which failure conditions you would like to receive forensic reports. Customer Protect will set this to send reports for any SPF or DKIM failure by default. You can change this to send reports only if both SPF and DKIM fail.
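
Each setting above corresponds to a tag in the published DMARC record. The following Python code is an added example (not part of the original topic and not DMARC Builder's own code) that builds record text from those settings and parses a record back with the defaults a receiver assumes. Tag names and defaults follow RFC 7489; the function names and the example.com/example.net reporting addresses are constructed placeholders.

```python
# Added example, not the product's code. Tags and defaults follow RFC 7489.
DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100", "ri": "86400",
            "rf": "afrf", "fo": "0"}
ALLOWED = {"p": {"none", "quarantine", "reject"},
           "sp": {"none", "quarantine", "reject"},
           "adkim": {"r", "s"}, "aspf": {"r", "s"}, "rf": {"afrf", "iodef"}}


def build_record(policy, rua=(), ruf=(), **advanced):
    """Return DMARC TXT record text; tags left at their default are omitted."""
    tags = {"p": policy, **{k: str(v) for k, v in advanced.items()}}
    for tag, value in tags.items():
        if tag not in ALLOWED and tag not in DEFAULTS:
            raise ValueError(f"unknown tag {tag!r}")
        if tag in ALLOWED and value not in ALLOWED[tag]:
            raise ValueError(f"invalid value {value!r} for {tag}")
    if not 0 <= int(tags.get("pct", "100")) <= 100:
        raise ValueError("pct must be between 0 and 100")
    if not set(tags.get("fo", "0").split(":")) <= {"0", "1", "d", "s"}:
        raise ValueError("fo accepts 0, 1, d, s")
    parts = ["v=DMARC1", f"p={policy}"]
    for tag, addresses in (("rua", rua), ("ruf", ruf)):
        if addresses:  # several report addresses share one comma-separated tag
            parts.append(f"{tag}=" + ",".join(f"mailto:{a}" for a in addresses))
    for tag in ("sp", "adkim", "aspf", "pct", "ri", "rf", "fo"):
        if tag in tags and tags[tag] != DEFAULTS.get(tag):
            parts.append(f"{tag}={tags[tag]}")
    return "; ".join(parts)


def parse_record(text):
    """Parse record text and fill in the values a receiver assumes by default."""
    pairs = [p.strip() for p in text.split(";") if p.strip()]
    if not pairs or pairs[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    tags = dict(DEFAULTS)
    for pair in pairs[1:]:
        key, _, value = pair.partition("=")
        tags[key.strip()] = value.strip()
    if tags.get("p") not in ALLOWED["p"]:
        raise ValueError("missing or invalid p tag")
    tags.setdefault("sp", tags["p"])  # sub-domains inherit p unless sp is set
    return tags


# Constructed sample addresses (placeholders, not Agari's reporting address).
RECORD = build_record("none", rua=["dmarc-agg@example.com", "dmarc@example.net"],
                      ruf=["dmarc-forensic@example.com"], fo="1")
```

Here `fo="1"` is the "any SPF or DKIM failure" option and the default `fo=0` is "only if both SPF and DKIM fail"; parsing a record with `parse_record` before publishing shows which policy sub-domains will actually inherit.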