DMARC policy control & management
Sendmarc’s DMARC policy control and management feature enables organizations to centrally manage and enforce DMARC record settings on multiple domains, either on a group level or individually. This can be done through CNAME delegation, which points subdomains to a TXT record, allowing for consistent policy application and enhanced email security.
DMARC policy management methods
Raw TXT DMARC record
Managing DMARC policies directly through TXT records involves manually updating each domain. This has a few challenges, including:
- Higher chance of misconfigurations: Each domain requires its own configuration, which can lead to errors
- Slower enforcement: Changes must be made manually in each DNS entry, making updates time-consuming
- Increased upkeep: Every policy change requires updates on multiple domains
TXT DMARC record example
Here’s an example of a DMARC TXT record:
_dmarc.sdmarc.net. TXT "v=DMARC1; p=reject; sp=quarantine; rua=mailto:aggregate@sdmarc.net; ruf=mailto:forensic@sdmarc.net; pct=100; aspf=s; adkim=s; fo=1; rf=afrf; ri=86400"
CNAME delegation & platform control
Using CNAME delegation, organizations can centrally manage DMARC policies through the Sendmarc platform. This method:
- Ensures consistent policy enforcement across all domains
- Reduces individual DNS updates every policy change
- Decreases manual effort while enhancing security
CNAME delegation example
Here’s an example of enabling DMARC policy control via CNAME delegation:
_dmarc.yourdomain.com. CNAME _dmarc.yourdomain.com.sdmarc.net.
This record’s published once on the domain DNS, after that, all future settings on the DMARC record are controlled via your company’s Sendmarc account.
DMARC policy parameters & controls
Below, we’ve included lists of DMARC settings, which are easily managed through Sendmarc’s platform.
Required DMARC parameters
| Parameter | Description | Values |
V | DMARC version | DMARC1 |
p | Policy for emails that fail DMARC checks | none, quarantine, reject |
Optional DMARC parameters
| Parameter | Description | Values |
sp | Subdomain policy | none, quarantine, reject |
rua | Aggregate report recipients | One or more mailto URIs |
ruf | Forensic report recipients | One or more mailto URIs |
pct | Percentage of messages subjected to the policy | 1-100 |
aspf | SPF alignment mode | r (relaxed), s (strict) |
adkim | DKIM alignment mode | r (relaxed), s (strict) |
fo | Forensic reporting options | 0, 1, d, s |
rf | Forensic report format | afrf, iodef |
ri | Aggregate report interval (seconds) | Default: 86400 (1 day) |
Benefits of using Sendmarc's DMARC policy control
- Simplifies DMARC management: Centralized control reduces complexity
- Enhances security: Ensures policies are applied consistently
- Reduces workload: Automation decreases manual tasks
- Supports scalability: Ideal for organizations managing multiple domains
Resources
Knowledgebase
Video heading
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras et lacus suscipit mi tristique dignissim. In sit amet interdum dui, ac ullamcorper diam. Nunc a est eu orci egestas cursus at in ante. Vestibulum ligula urna, ultrices vitae velit quis.
