DMARC Options

Policy Options

• p=none: With this directive, DMARC does not change how email is handled by the receiver. In other words, no action is taken/messages remain unexamined.
• p=quarantine: This policy sets aside questionable emails for further processing, which are usually exiled to the “Junk” folder.
• p=reject: When emails do not come from your email infrastructure, this designation has the receiver outright reject those messages that fail DMARC authentication.

Failure Reports

• fo=0: Generate a DMARC failure report if all underlying authentication mechanisms (SPF and DKIM) fail to produce an aligned “pass” result. (Default)
• fo=1: Generate a DMARC failure report if any underlying authentication mechanism (SPF or DKIM) produced something other than an aligned “pass” result. (Recommended)
• fo=d: Generate a DKIM failure report if the message had a signature that failed evaluation, regardless of its alignment.
• fo=s: Generate an SPF failure report if the message failed SPF evaluation, regardless of its alignment.

Forensic Reports

Like the rua tag, the ruf designation is an optional tag. It directs addresses to which message-specific forensic information is to be reported (i.e., comma-separated plain-text list of URIs). An ruf example is ruf=mailto:CUSTOMER@for.example.com.

Aggerated Reports

This optional tag is designed for reporting URI(s) for aggregate data. An rua example is rua=mailto:CUSTOMER@for.example.com.

EXAMPLES:

TXT _dmarc v=DMARC1; p=none; fo=1; rua=mailto:sales@sflservicesllc.com

TXT _dmarc v=DMARC1; p=quarantine; pct=100; rua=mailto:sales@sflservicesllc.com; ruf=mailto:sales@sflservicesllc.com