Լight modeDark mode
DMARC Tags
DMARC records are a combination of various mechanisms or DMARC tags that communicate specific instructions to email-receiving servers during mail transfer. Each of these DMARC tags contains a value that is defined by the domain owner. Today we are going to discuss what DMARC tags are and what each of them stands for.
Note: With the publication of RFC 9989 in 2026, the set of DMARC tags changed. Three tags (np, psd, and t) were added, and three tags (pct, rf, and ri) were moved to historic status. Records that still contain the historic tags continue to work, because receivers ignore tags they do not recognise, but they should be left out of new records. The tables below reflect the current RFC 9989 tag set, followed by the historic tags for reference.
Active DMARC tags (RFC 9989)
| DMARC Tag | Type | Default value | What it means |
|---|---|---|---|
| v | mandatory | The v tag represents the DMARC protocol version and always has the value v=DMARC1. | |
| p | recommended | none | This tag addresses the DMARC policy mode. You can select from reject, quarantine, and none. Under RFC 9989 it is technically optional and defaults to none if omitted, but it should always be set explicitly. |
| sp | optional | The policy mode configured for your main domain (p) | The sp tag defines a policy mode for your existing subdomains. |
| np | optional | Falls back to sp, or to p if sp is absent | The np tag defines a policy mode for non-existent subdomains (names that do not resolve in DNS). It closes a spoofing gap that sp did not cover, since sp applies only to existing subdomains. |
| psd | optional | n | The psd tag indicates whether a domain is a Public Suffix Domain (a domain under which third parties register, such as .bank or .gov.uk). It supports the DNS Tree Walk used to find the organizational domain. Most ordinary domains do not need to set this. |
| t | optional | n | The t tag is a test-mode flag. t=y tells receivers to treat the domain as still testing, so they apply policy more leniently; t=n means full enforcement. It replaces the gradual-rollout role the historic pct tag used to serve. |
| rua | optional but recommended | The rua tag specifies the address where reporting organizations send DMARC aggregate reports (governed by RFC 9990). Example: rua=mailto:[email protected]; | |
| ruf | optional | The ruf tag specifies the address where DMARC failure reports (formerly called forensic reports, now governed by RFC 9991) are sent. In practice most major receivers no longer send these, partly for privacy reasons. Example: ruf=mailto:[email protected]; | |
| fo | optional | 0 | The fo tag sets the failure reporting options. It is ignored if ruf is not defined. The available options are: 0, a report is sent if the message fails both SPF and DKIM alignment; 1, a report is sent if the message fails either SPF or DKIM alignment; d, a DKIM failure report is sent if the DKIM signature fails validation regardless of alignment; s, an SPF failure report is sent if the message fails SPF evaluation regardless of alignment. |
| aspf | optional | r | The aspf tag sets the SPF alignment mode. The value can be strict (s) or relaxed (r). |
| adkim | optional | r | The adkim tag sets the DKIM alignment mode. The value can be strict (s) or relaxed (r). |
Historic tags (defined in RFC 7489, removed by RFC 9989)
These tags still parse in existing records but should not be used in new ones.
| DMARC Tag | Former default | What it meant |
|---|---|---|
| pct | 100 | Specified the percentage of mail to which the policy applied. Inconsistently implemented across receivers; its rollout role is now served by the t test-mode flag. |
| rf | afrf | Specified the format for failure reports. Only afrf was ever supported. |
| ri | 86400 | Specified the requested interval in seconds between aggregate reports. Most receivers ignored it and used their own schedules. |
DMARC Fundamentals >DMARC Tags
Course content
Email Authentication Fundamentals
What is SPF? Free2 m
Video Introduction to SPF Free1 m 41 s- A Brief History of SPF Free1 m
- How does SPF work? Free2 m
- SPF Tags: Syntax of an SPF Record Free3 m
- SPF Null Value Explained Free3 m
- SPF Neutral Mechanism Explained Free4 m
- How to create and publish SPF records? Free2 m
- SPF Authentication Failures Free3 m
- Video Explanation: SPF PermError Free1 m 39 s
Quiz 430 m
- What is DMARC? Free1 m
- Video Introduction to DMARC Free1 m 15 s
- A Brief History of DMARC Free1 m
- How does DMARC work? Free2 m
- What is DMARC Policy? : None, Quarantine & Reject Free2 m
- Video Explanation: DMARC Policy Free1 m 40 s
- DMARC Tags Free4 m
- DMARC Aggregate (RUA) Reports Free3 m
- DMARC Failure (RUF) Reports Free2 m
- How to Create and Publish a DMARC Record? Free3 m
- DMARC Authentication Failures Free3 m
- Video Explanation: Why does DMARC Fail? Free1 m 37 s
- Quiz 630 m