DMARC_BUILDER

DNSControl contains a DMARC_BUILDER which can be used to simply create DMARC policies for your domains.

Example

Simple example

dnsconfig.js
D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  DMARC_BUILDER({
    policy: "reject",
    ruf: [
      "mailto:mailauth-reports@example.com",
    ],
  }),
END);

This yield the following record:

@   IN  TXT "v=DMARC1; p=reject; ruf=mailto:mailauth-reports@example.com"

Advanced example

dnsconfig.js
D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  DMARC_BUILDER({
    policy: "reject",
    subdomainPolicy: "quarantine",
    percent: 50,
    alignmentSPF: "r",
    alignmentDKIM: "strict",
    rua: [
      "mailto:mailauth-reports@example.com",
      "https://dmarc.example.com/submit",
    ],
    ruf: [
      "mailto:mailauth-reports@example.com",
    ],
    failureOptions: "1",
    reportInterval: "1h",
  }),
END);
dnsconfig.js
D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  DMARC_BUILDER({
    label: "insecure",
    policy: "none",
    ruf: [
      "mailto:mailauth-reports@example.com",
    ],
    failureOptions: {
        SPF: false,
        DKIM: true,
    },
  }),
END);

This yields the following records:

@           IN  TXT "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=50; rua=mailto:mailauth-reports@example.com,https://dmarc.example.com/submit; ruf=mailto:mailauth-reports@example.com; fo=1; ri=3600"
insecure    IN  TXT "v=DMARC1; p=none; ruf=mailto:mailauth-reports@example.com; fo=d"

Parameters

  • label: The DNS label for the DMARC record (_dmarc prefix is added, default: "@")

  • version: The DMARC version to be used (default: DMARC1)

  • policy: The DMARC policy (p=), must be one of "none", "quarantine", "reject"

  • subdomainPolicy: The DMARC policy for subdomains (sp=), must be one of "none", "quarantine", "reject" (optional)

  • alignmentSPF: "strict"/"s" or "relaxed"/"r" alignment for SPF (aspf=, default: "r")

  • alignmentDKIM: "strict"/"s" or "relaxed"/"r" alignment for DKIM (adkim=, default: "r")

  • percent: Number between 0 and 100, percentage for which policies are applied (pct=, default: 100)

  • rua: Array of aggregate report targets (optional)

  • ruf: Array of failure report targets (optional)

  • failureOptions: Object or string; Object containing booleans SPF and DKIM, string is passed raw (fo=, default: "0")

  • failureFormat: Format in which failure reports are requested (rf=, default: "afrf")

  • reportInterval: Interval in which reports are requested (ri=)

  • ttl: Input for TTL method (optional)

Caveats

  • TXT records are automatically split using AUTOSPLIT.

  • URIs in the rua and ruf arrays are passed raw. You must percent-encode all commas and exclamation points in the URI itself.

Last updated