Domain-based Message Authentication, Reporting, and Conformance (DMARC)
DMARC, or Domain-based Message Authentication, Reporting, and Conformance, is an email authentication protocol. It helps prevent email phishing and spoofing by allowing senders to specify policies for email validation. DMARC is crucial as it enhances email security, protects sender reputation, and ensures recipients receive legitimate emails, reducing phishing threats.
Tag | Found | Suggested | Description
v | v=DMARC1 | v=DMARC1 | Mandatory for all DMARC records.
p | Not Found | p=reject | A strong DMARC policy is set to p=reject; this is followed in strength by p=quarantine and then p=none.
pct | pct=100 | pct=100 | Percentage (pct) of messages the policy applies to. Defaults to 100 if pct= is omitted.
rua | Not Found | dmarc@ | Aggregate Reporting
ruf | Not Found | dmarc@ | Forensic Reporting
Sender Policy Framework (SPF)
SPF (Sender Policy Framework) is an email authentication method that verifies the authenticity of the sender's domain. It prevents email spoofing by specifying authorized mail servers for a domain. SPF is crucial as it ensures incoming emails are legitimate, reducing the risk of phishing attacks and spam.
Tag | Found | Suggested | Description
v=spf1 | v=spf1 | v=spf1 | Mandatory for all SPF records.
Fail type
-all
A strong SPF policy ends with "-all", without the quotation marks.
TLS Reporting (TLS-RPT)
TLS Reporting (TLS-RPT) enables domain owners to receive reports about email delivery issues, enhancing email security. It helps diagnose misconfigurations, detect potential attacks, and ensures proper implementation of Transport Layer Security (TLS) protocols. TLS-RPT is crucial for maintaining secure and reliable email communication.
Tag | Found | Suggested | Description
v | v=TLSRPTv1 | v=TLSRPTv1 | Mandatory for all MTA-STS records.
id | Not found | id=undefined
Mail Transfer Agent Strict Transport Security (MTA-STS)
MTA-STS ensures secure email transmission by enforcing encryption, thwarting encryption downgrade attacks, and protecting against man-in-the-middle threats. It's vital for safeguarding sensitive data, preventing unauthorized access, and maintaining the integrity and confidentiality of email communications.
MTA STS Placeholder record
Tag | Found | Suggested | Description
v | v=STSv1 | v=STSv1 | Mandatory for all MTA-STS records.
id | Not found | id=undefined
Certificate Authority Authorization (CAA)
CAA (Certificate Authority Authorization) is a DNS record that allows domain owners to specify which certificate authorities are authorized to issue SSL/TLS certificates for their domain. It's important for enhancing security by preventing unauthorized issuance, reducing the risk of man-in-the-middle attacks and ensuring the validity of digital certificates.
issue
CAA Placeholder record
RFC 7208 - A "fail" [-all] result is an explicit statement that the client is not authorized to use the domain in the given identity.
RFC 7208 - A "softfail" [~all] result is a weak statement by the publishing ADMD [Administrative Management Domain] that the host is probably not authorized. It has not published a stronger, more definitive policy that results in a "fail".
RFC 7208 - A "neutral" [?all] result means the ADMD [Administrative Management Domain] has explicitly stated that it is not asserting whether the IP address is authorized... a "neutral" result must be treated exactly like the "none" result... with a "none" result, the SPF verifier has no information at all about the authorization or lack thereof...
RFC 7208 - A "pass" [+all] result is an explicit statement that the client is authorized to inject mail with the given identity.
Disclaimer: The suggestions above are based on the existing records we've found for your domain. For example, if your old SPF record already lists mail servers, the new one will list those same servers. With that in mind, when updating records, check that your list of servers and services is up to date.