The DMARC standard (RFC 7489) defines 11 official fields published in DNS TXT records at _dmarc.domain.com. This technical reference provides complete specifications required to develop compliant DMARC record generators and validators.
General DMARC Record Syntax
DMARC records follow tag-value format with strict ordering constraints. The v=DMARC1 tag must be the first tag, followed by p= as the second mandatory tag. Other tags are optional and can appear in any order.
Mandatory separators: Semicolon (;) between tags, equals sign (=) between tag and value, comma (,) for URI lists.
Mandatory Fields
v (Version)
- Type: Fixed string
- Value: "DMARC1" (case-sensitive)
- Position: First mandatory tag
- Validation: Exact match required
p (Policy)
- Type: Enumeration
- Values: "none" | "quarantine" | "reject"
- Position: Second mandatory tag
- Function: Processing policy for primary domain
Optional Control Fields
sp (Subdomain Policy)
- Type: Enumeration
- Values: "none" | "quarantine" | "reject"
- Default: Inherits from p value
- Function: Specific policy for subdomains
adkim (DKIM Alignment)
- Type: Enumeration
- Values: "r" (relaxed) | "s" (strict)
- Default: "r"
- Function: Alignment mode between DKIM domain and From: header
aspf (SPF Alignment)
- Type: Enumeration
- Values: "r" (relaxed) | "s" (strict)
- Default: "r"
- Function: Alignment mode between SPF domain and From: header
Reporting Fields
rua (Aggregate Report URI)
- Type: Comma-separated URI list
- Format: mailto:user@domain[!size][,mailto:user2@domain2]
- Optional size: !10m (k|m|g|t for kilo/mega/giga/tera)
- Constraints: Commas and exclamation marks must be percent-encoded in URIs
- External validation: DNS record _report._dmarc.domain required for external domains
ruf (Forensic Report URI)
- Type: Comma-separated URI list
- Format: Identical to rua
- Usage: Detailed failure reports (rarely implemented)
fo (Failure Options)
- Type: Colon-separated character list
- Values: "0" | "1" | "d" | "s"
- Default: "0"
- Format: fo=0:1:d:s for multiple combinations
- Semantics: 0=SPF AND DKIM fail, 1=SPF OR DKIM fails, d=DKIM only, s=SPF only
Critical Validation Constraints
Mandatory tag ordering: The most common error is incorrect ordering. v=DMARC1 must be first, followed by p=.
Strict syntax validation: Enumerated values are case-sensitive (except DMARC1). A value "Reject" instead of "reject" invalidates the entire record.
DNS TXT constraints: Maximum length of 255 characters per string. Long records require automatic concatenation of multiple strings.
Cross-domain verification: For rua and ruf URIs pointing to external domains, a DNS record _report._dmarc.external-domain is mandatory to authorize report reception.
Valid Record Examples
Minimal record
Monitoring configuration
Full strict protection
With size limits and multiple URIs
Generation Algorithm for HTML/JS
DMARC record generation follows a strict algorithm:
- Initialize with v=DMARC1
- Mandatory append p= with selected value
- Validate URIs for rua and ruf (mailto: format mandatory)
- Encode special characters in URIs (commas → %2C, exclamation → %21)
- Assemble with separator "; " (semicolon + space)
- Verify DNS length (255 characters max per string)
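The steps above as a runnable JavaScript sketch. This is an added example, not code from the original page; the function names, option names and the { address, maxSize } input shape are assumptions. Taking the address and size limit as separate inputs lets the generator encode a literal "!" in the address without touching the "!" that introduces the size.

```javascript
// Added example: generator for the steps listed above. Option names and the
// { address, maxSize } input shape are assumptions made for this sketch.
const POLICIES = ["none", "quarantine", "reject"];
const ALIGNMENTS = ["r", "s"];

// Exact, case-sensitive match against an enumeration.
function pick(tag, value, allowed) {
  if (!allowed.includes(value)) {
    throw new Error(`${tag} must be one of: ${allowed.join(", ")}`);
  }
  return `${tag}=${value}`;
}

// Build one mailto: URI; "," and "!" inside the address are percent-encoded
// so they cannot be read as the list separator or the size marker.
function reportUri({ address, maxSize }) {
  const printable = /^[\x21-\x7e]+$/.test(address);
  if (!printable || !/^[^;@]+@[^;@]+$/.test(address)) {
    throw new Error(`invalid report address: ${address}`);
  }
  if (maxSize !== undefined && !/^[0-9]+[kmgt]?$/.test(maxSize)) {
    throw new Error(`invalid size limit: ${maxSize}`);
  }
  const encoded = address.replace(/,/g, "%2C").replace(/!/g, "%21");
  return `mailto:${encoded}${maxSize === undefined ? "" : "!" + maxSize}`;
}

function buildDmarcRecord(opts) {
  // v=DMARC1 first, p= second; everything else is optional.
  const tags = ["v=DMARC1", pick("p", opts.p, POLICIES)];
  if (opts.sp !== undefined) tags.push(pick("sp", opts.sp, POLICIES));
  for (const tag of ["adkim", "aspf"]) {
    if (opts[tag] !== undefined) tags.push(pick(tag, opts[tag], ALIGNMENTS));
  }
  for (const tag of ["rua", "ruf"]) {
    const uris = opts[tag] || [];
    if (uris.length > 0) tags.push(`${tag}=${uris.map(reportUri).join(",")}`);
  }
  return tags.join("; ");
}

// Split into DNS TXT character-strings of at most 255 characters
// (the record is ASCII here, so characters equal bytes).
function toTxtStrings(record) {
  const parts = [];
  for (let i = 0; i < record.length; i += 255) parts.push(record.slice(i, i + 255));
  return parts;
}
```

The address check also rejects semicolons and whitespace, since either would break the tag-value structure of the assembled record.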
IANA DMARC Tag Registry
The official IANA registry defines 11 standardized tags:
- Current status: adkim, aspf, fo, p, pct, rf, ri, rua, ruf, sp, v
- Experimental extensions: np (Non-existent Policy) in DMARCbis
Deprecated Fields (RFC 7489)
The following fields are deprecated and should be avoided in new implementations:
pct (Percentage)
- Type: Integer
- Range: 0-100
- Default: 100
- Status: Deprecated in DMARCbis
- Validation: 1 to 3 ASCII digits
ri (Report Interval)
- Type: Integer (seconds)
- Default: 86400 (24h)
- Status: Deprecated in DMARCbis
rf (Report Format)
- Type: Enumeration
- Value: "afrf" (only supported value)
- Status: Deprecated in DMARCbis
Implementation Note: This technical specification comprehensively covers all official DMARC fields with their exact constraints, providing the complete foundation for implementing a standards-compliant generator per RFC 7489 and DMARCbis.