Perform A DMARC Record Check To Test And Verify Your Domain’s DMARC’s Records
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It is an addition to the email authentication protocols such as DKIM and SPF, which one can implement easily; all you have to do is to create SPF record or check DKIM record and then test it using a robust SPF checker.
What Is A DMARC Record Check?
The DMARC record check is a diagnostic tool that performs the parsing process of the DMARC record. It displays the DMARC record along with additional information by performing a series of diagnostic tests on the record to verify whether the TXT record is valid and published correctly or not.
Why Is It Necessary To Perform DMARC Record Check?
There are several reasons why it is necessary to perform a DMARC record check. Some of these are
- Verify if the record is published correctly or not.
- Prevent any error while formatting the record.
- Get additional information regarding any possible betterments that could be made.
- Ensure where the DMARC report is being sent.
Results Of DMARC Record Check
When you perform a DMARC record check then the following tags are generally declared in the result:
TAG | Explanation |
V | This tag is the protocol version of DMARC. |
P |
This tag is put into use when an email fails the DMARC record check. The failure can be None, Quarantine or Reject.
|
rua | This tag is the URLs list, for example, mailto:test@example.net.” (Note that this is not a list of email addresses) for the Internet Service Providers (ISPs) to send the XML feedback. |
ruf | This tag is the list of URLs that the ISPs use to send forensic reports. |
rf | This tag is the reporting format for forensic reports, which is in the form of either afrf or iodef. |
pct | It is the percentage tag used to instruct the ISPs for applying the DMARC protocol only to a certain percentage of failing emails. This tag doesn’t work on the “none” status. |
adkim |
This tag is used to specify the “Alignment Mode” for the DKIM signature. It can be either one of these: · “r”: It is the relaxed mode in which the DMARC check will result in a “pass” when the authentic DKIM signing domain (d=) will share the Organization Domain with the email “From” domain. · “s”: It is the strict mode in which there is a requirement of an exact match. |
aspf | This tag is used to specify the “Alignment Mode” for SPF. In this case, also, it can either be relaxed (“r”) or strict (“s”). |
sp | This tag is applied to those emails from a sub-domain of a domain whose DMARC result is“fail.” |
fo | This tag stands for Forensic options. |
ri | This tag is used to specify the reporting interval. It denotes the time interval within which one wants the aggregate ML report. |
Phishing and spoofing attacks have continually been on the uprise since the past few years. Hence, it is vital to use DMARC record checks to ensure the correct implementation of this email authentication protocol. DMARC tells the receiving systems what to do with SPF record check or DKIM failed messages. It is recommended to implement DMARC with SPF and DKIM for additional protection against spoofing and phishing. Users are advised to check with their domain hosts if they provide the DMARC record check; for instance, SPF record check google – G-Suite service can be availed by users who manage their business emails using G-Suite.
Join the thousands of organizations that use DuoCircle
Find out how affordable it is for your organization today and be pleasantly surprised.