Configuring a DMARC Record for a Domain

DMARC stands for Domain-Based Message Authentication, Reporting and Conformance. It has been designed to reduce email abuse. This technology is based on the specifications for DKIM (Domain Keys Identified Mail) and SPF (Sender Policy Framework). 

A DMARC policy lets you indicate that your emails are protected using the SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) procedures. This policy also lets you specify how the recipient handles emails based on the results of the DKIM and SPF check and notifies you, as the domain owner, of any abuse.

DMARC policies are added in the form of a TXT record. This record is called the DMARC record. It is created with the subdomain name _dmarc (e.g. _dmarc.example.com). The TXT record consists of tags that are separated by semicolons.

Example:

v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@example.com

Structure of a DMARC Record

The following are the common tags used in DMARC (TXT) records:

NAME OF THE TAG PURPOSE EXAMPLE
v Protocol version, the value must be DMARC1. v=DMARC1
p Policy for this domain. This value determines the action to be performed on suspicious emails. p=reject
  none: If you specify this value, the recipient is asked not to perform any action.  
  quarantine: The messages are classified as suspicious by the recipient or marked as spam.  
  reject: The recipient is instructed to reject emails if they have not passed the DMARC check.  
pct Percentage of emails to be filtered. This value determines the percentage that is to be filtered using the DMARC policy. The specified value must be a number between 1 and 100. The default value is 100. pct=100
ruf Email address to which the error reports are sent. ruf=mailto:postmaster@example.com
rua Email address to which the aggregated status reports are sent. rua=mailto:postmaster@example.com
sp Policy for subdomains. sp=reject
  none: If you specify this value, the recipient is asked not to perform any action.  
  quarantine: The messages are classified as suspicious by the recipient or marked as spam.  
  reject: The recipient is instructed to reject emails if they have not passed the DMARC check.  
adkim Defines the settings of the matching mode for DKIM signatures. This value determines how exactly the emails must match the DKIM signatures. Valid values are: adkim=s
  r stands for relaxed. If this value is specified, any valid subdomain in the DKIM email headers will be accepted.  
  s stands for strict. The header of the emails must exactly match the value d=name in the DKIM email headers.  
aspf This value determines how closely messages must match the SPF signatures. aspf=r
  r stands for relaxed. If this value is specified, any valid subdomain is accepted.  
  s stands for strict. The header of the emails must exactly match the domain name in the SMTP Mail FROM command.  

Example Configurations

This configuration rejects all emails that do not match DKIM and SPF check results. In addition, an aggregated status report will be sent to postmaster@example.com.

v=DMARC1;p=reject;pct=100;rua=postmaster@example.com


The configuration in the following example does not reject emails and sends an aggregated status report of all emails that do not match the SPF and DKIM check results for the domain and all subdomains to postmaster@example.com. 

v=DMARC1;p=none;pct=100;rua=postmaster@example.com

This configuration has no influence on email delivery and is particularly suitable for testing.


The configuration below marks all emails that do not match the results of the DKIM and SPF checks as spam or suspicious. In this process, 10% of the emails are checked. In addition, a report is sent to postmaster@example.com for each error.

v=DMARC1;p=quarantine;pct=10;ruf=postmaster@example.com

Configure DMARC Record

You can configure the DMARC (TXT) record in your IONOS account.

  • Click the desired domain, under Actions, click the Gear icon and then click DNS.

  • Click ADD RECORD. Under Type, select the entry TXT.

  • In the field Host name, enter the subdomain name _dmarc.
    The subdomain _dmarc.your-domain.com will be automatically created for your TXT record.

  • In the field Value, enter the desired tags, which you can separate by a semicolon (;).
    Example: v=DMARC1;p=reject;pct=100

  • Optional: Select the desired TTL (Time-To-Live).

  • Click Save.

Your changes are immediately effective with IONOS. However, it may take up to 1 hour until the changes become effective everywhere. This is due to the decentralized structure of the Domain Name System.