DMARC
DMARC stands for Domain-based Message Authentication Reporting and Conformance. It is a DNS TXT record that instructs a receiving email server what to do with an email after checking the DKIM and SPF records. This helps to prevent email spoofing and should be used for all domains including domains that do not send email.
DMARC records live at _dmarc.example.com.
I recommend you use the following DMARC setting: v=DMARC1; p=reject; adkim=s; aspf=s;
- p will instruct the server what to do after checking dkim and spf. available options:
- none - allows emails to continue through
- quarantine - send to spam
- reject - block the email entirely
- asdkim indicates whether the DMARC check should be relaxed or strict
- r = relaxed
- s = strict
- aspf indicates whether the SPF check should be relaxed or strict
- r = relaxed
- s = strict
- rua is an email that can receive DMARC reports that help to receiving email servers to report where email senders are coming from