All Products
Search
Document Center

Direct Mail:What Is DMARC and How to Set Up DMARC Records?

Last Updated:Jun 02, 2026

Set up DMARC records to prevent domain spoofing and receive reports on unauthorized use of your domain.

What is DMARC

DMARC (Domain-based Message Authentication, Reporting & Conformance) lets you prevent domain spoofing and receive reports when others attempt to forge your domain.

When a recipient's MTA supports DMARC, it verifies emails sent from your domain. If verification fails, a report is sent to the address specified in the DMARC record.

DMARC record parameters

TXT="v=DMARC1;p=quarantine;pct=0;ri=3600;rua=mailto:abc@example.net;ruf=mailto:abc@example.net"
  • P: Policy action for emails that fail DMARC verification. Values: none, quarantine, reject.

    • p=none: Deliver all emails, even if they fail DMARC verification.

    • p=quarantine: Quarantine emails that fail DMARC verification. Use the pct parameter (default: 100) to set the percentage of failing emails to quarantine.

    • p=reject: Reject all emails that fail DMARC verification.

  • rua: Email address that receives aggregate DMARC reports.

  • ruf: Email address that receives forensic (failure) reports.

  • SP: Subdomain policy. Works like P but applies to subdomains. If set on the parent domain, subdomains inherit this policy.

  • ri: Interval in seconds between aggregate reports. Optional; default: 86400 (24 hours).

  • ADKIM: DKIM alignment mode. r (default): relaxed, allows subdomains. s: strict, requires exact domain match.

  • ASF: SPF alignment mode. r (default): relaxed, allows subdomains. s: strict, requires exact domain match.

  • v: Version. Required. Must be "DMARC1" and appear as the first tag.

  • fo: Failure reporting options. Optional; default: 0. Colon-separated list. Ignored if ruf is not set. Pair with p=none for observation testing; setting fo=1 with p=reject may prevent rejection.

Set up a DMARC record

1. Verify that you have configured one of the following: the SPF record "v=spf1 include:spf1.dm.aliyun.com -all", or DKIM using the value provided in the console.

2. Add the following DMARC record:

Mail server

DNS record type

Record value

_dmarc

TXT

v=DMARC1; p=quarantine; rua=mailto:dmarc_report@example.net

Notice

  • "dmarc_report@example.net" is where Direct Mail collects DMARC reports by default. To view a specific report, replace it with a working email address from the same organization (a subdomain address is also accepted).

  • If your domain is not registered with Alibaba Cloud, contact your domain registrar for DNS configuration instructions.

Example: Alibaba Cloud DNS

The following steps use Alibaba Cloud DNS.

1. Log on to the Alibaba Cloud DNS console. Select your domain and click Resolution Settings. Resolution Settings

2. Click "Add Record", enter the following values, and click "Confirm".

Example:

Record type: TXT

Host: @

The following figure shows an example DMARC record: DMARC

Query DMARC records

Use the dig or nslookup command to query DMARC records:

Linux: dig _dmarc.yourdomain.com txt

Windows: nslookup -qt=TXT _dmarc.yourdomain.com