Browser Upgrade Recommended
Our website has detected that you are using an outdated browser that will prevent you from accessing certain features. An update is strongly recommended to improve your browsing experience.
Enter the DMARC policy to be validated.
Unsuccessful ValidationAn unkown error occurred, please try again later. If this error persists, try contacting our Customer Service. |
Validation PassedThe policy you have entered is syntactically valid. |
Validation Passed with WarningsThe policy is syntactically valid, but contains one warning. See the table below for additional details. The policy is syntactically valid, but contains a total of warnings. See the table below for additional details. |
Invalid DMARC PolicyThe policy contains one syntax error. See the table below for additional details. The policy contains a total of syntax errors. See the table below for additional details. |
Unknown Policy StringThe text you have entered does not look like a DMARC policy (missing or wrong placement of v=DMARC1 maybe?) and will be ignored by DMARC clients. |
DMARC Policy Could Not Be RetrievedCould not query the DMARC record from the domain ''. |
Declared Tags
| Tag | Value | Explanation |
|---|---|---|
|
|
Defaulted Tags
| Tag | Value | Explanation |
|---|---|---|
|
|
Version (plain-text; REQUIRED).
Identifies the record retrieved as a DMARC record. It MUST have the value of "DMARC1". The value of this tag MUST match precisely; if it does not or it is absent, the entire retrieved record MUST be ignored. It MUST be the first tag in the list.
Defines the requested policy for emails that does not pass the DMARC test (plain-text; REQUIRED for policy records).
Indicates the policy to be enacted by the Receiver at the request of the Domain Owner. Policy applies to the domain queried and to subdomains, unless subdomain policy is explicitly described using the "sp" tag. This tag is mandatory for policy records only, but not for third-party reporting records (see RFC7489 Section 7.1). Possible values:
| none: | The Domain Owner requests no specific action be taken regarding delivery of messages. |
| quarantine: | The Domain Owner wishes to have email that fails the DMARC mechanism check be treated by Mail Receivers as suspicious. Depending on the capabilities of the Mail Receiver, this can mean "place into spam folder", "scrutinize with additional intensity", and/or "flag as suspicious". |
| reject: | The Domain Owner wishes for Mail Receivers to reject email that fails the DMARC mechanism check. Rejection SHOULD occur during the SMTP transaction. See RFC7489 Section 10.3 for some discussion of SMTP rejection methods and their implications. |
Defines the DKIM Identifier Alignment mode to use (plain-text; OPTIONAL).
| r: | Relaxed mode basically means that emails from subdomains will also pass the DMARC check. For example if the "d=" domain of the DKIM signature is "example.org" and the RFC5322.From field is "news.example.org" the two domains would be considered to be "in alignment". |
| s: |
Strict mode means that the "d=" domain of the DKIM signature and the RFC5322.From field should
match exactly. See RFC7489 Section 3.1.1 for more details. |
Defines the SPF Identifier Alignment mode to use (plain-text; OPTIONAL).
| r: | Relaxed mode basically means that emails from subdomains will also pass the DMARC check. For example if the SPF-authenticated domain is "example.org" and the RFC5322.From field is "news.example.org" the two domains would be considered to be "in alignment". |
| s: |
Strict mode means that the SPF-authenticated domain and the RFC5322.From field should
match exactly. See RFC7489 Section 3.1.2 for more details. |
Failure reporting options (plain-text; OPTIONAL).
Provides requested options for generation of failure reports. Report generators MAY choose to adhere to the requested options. This tag's content MUST be ignored if a "ruf" tag is not also specified. The value of this tag is a colon-separated list of characters that indicate failure reporting options as follows:
| 0: | Generate a DMARC failure report if all underlying authentication mechanisms fail to produce an aligned "pass" result. |
| 1: | Generate a DMARC failure report if any underlying authentication mechanism produced something other than an aligned "pass" result. |
| d: | Generate a DKIM failure report if the message had a signature that failed evaluation, regardless of its alignment. DKIM-specific reporting is described in RFC6651 - Extensions to DomainKeys Identified Mail (DKIM) for Failure Reporting. |
| s: | Generate an SPF failure report if the message failed SPF evaluation, regardless of its alignment. SPF-specific reporting is described in RFC6652 - Sender Policy Framework (SPF) Authentication Failure Reporting Using the Abuse Reporting Format. |
Defines the percentage of email messages the DMARC policy is applied to (integer between 0 and 100; OPTIONAL).
The purpose of the "pct" tag is to allow Domain Owners to enact a slow rollout enforcement of the DMARC mechanism. The prospect of "all or nothing" is recognized as preventing many organizations from experimenting with strong authentication-based mechanisms. See RFC7489 Section 6.6.4 for more details.
Format to be used for message-specific failure reports (colon-separated plain-text list of values; OPTIONAL).
The value of this tag is a list of one or more report formats as requested by the Domain Owner to be used when a message fails both SPF and DKIM tests to report details of the individual failure. Possible values:
| afrf: | Authentication Failure Reporting Format (RFC6591). |
| iodef: | The Incident Object Description Exchange Format (RFC5070). |
The interval defined in seconds between the delivery of the aggregate reports (unsigned integer; OPTIONAL).
Defines the address or list of addresses to which aggregate reports needs to be sent (comma-separated plain-text list of DMARC URIs; OPTIONAL).
Any valid URI can be specified; however, Mail Receivers are only required to implement support for a "mailto:" URI (sending a DMARC report via electronic mail).
Defines the address or list of addresses to which message-specific failure (forensic) reports needs to be sent (comma-separated plain-text list of DMARC URIs; OPTIONAL).
If present, the Domain Owner is requesting Mail Receivers to send detailed failure reports about messages that fail the DMARC evaluation in specific ways (defined in the "fo" tag).
Defines the requested policy for emails coming from all subdomains that does not pass the DMARC test (plain-text; OPTIONAL).
Applies only to subdomains of the domain queried and not to the domain itself. Syntax is identical to that of the "p" tag defined. If absent, the policy specified by the "p" tag is applied for all subdomains.
-
SPF Tools
Test your SPF policy before deployment using our SPF Policy Tester tool and make sure it will work as planned. Check your SPF policy for syntax errors to discover problems prior publishing.About ORF
This service was brought to you by ORF, our award-winning email security solution for Microsoft® Exchange and IIS SMTP servers.