github.com/StackExchange/dnscontrol/v4@v4.11.0/documentation/language-reference/domain-modifiers/DMARC_BUILDER.md (about) 1 --- 2 name: DMARC_BUILDER 3 parameters: 4 - label 5 - version 6 - policy 7 - subdomainPolicy 8 - alignmentSPF 9 - alignmentDKIM 10 - percent 11 - rua 12 - ruf 13 - failureOptions 14 - failureFormat 15 - reportInterval 16 - ttl 17 parameters_object: true 18 parameter_types: 19 label: string? 20 version: string? 21 policy: "'none' | 'quarantine' | 'reject'" 22 subdomainPolicy: "'none' | 'quarantine' | 'reject'?" 23 alignmentSPF: "'strict' | 's' | 'relaxed' | 'r'?" 24 alignmentDKIM: "'strict' | 's' | 'relaxed' | 'r'?" 25 percent: number? 26 rua: string[]? 27 ruf: string[]? 28 failureOptions: "{ SPF: boolean, DKIM: boolean } | string?" 29 failureFormat: string? 30 reportInterval: Duration? 31 ttl: Duration? 32 --- 33 34 DNSControl contains a `DMARC_BUILDER` which can be used to simply create 35 DMARC policies for your domains. 36 37 38 ## Example 39 40 ### Simple example 41 42 {% code title="dnsconfig.js" %} 43 ```javascript 44 DMARC_BUILDER({ 45 policy: "reject", 46 ruf: [ 47 "mailto:mailauth-reports@example.com", 48 ], 49 }) 50 ``` 51 {% endcode %} 52 53 This yield the following record: 54 55 ```text 56 @ IN TXT "v=DMARC1; p=reject; ruf=mailto:mailauth-reports@example.com" 57 ``` 58 59 ### Advanced example 60 61 {% code title="dnsconfig.js" %} 62 ```javascript 63 DMARC_BUILDER({ 64 policy: "reject", 65 subdomainPolicy: "quarantine", 66 percent: 50, 67 alignmentSPF: "r", 68 alignmentDKIM: "strict", 69 rua: [ 70 "mailto:mailauth-reports@example.com", 71 "https://dmarc.example.com/submit", 72 ], 73 ruf: [ 74 "mailto:mailauth-reports@example.com", 75 ], 76 failureOptions: "1", 77 reportInterval: "1h", 78 }); 79 ``` 80 {% endcode %} 81 82 {% code title="dnsconfig.js" %} 83 ```javascript 84 DMARC_BUILDER({ 85 label: "insecure", 86 policy: "none", 87 ruf: [ 88 "mailto:mailauth-reports@example.com", 89 ], 90 failureOptions: { 91 SPF: false, 92 DKIM: true, 93 }, 94 }); 95 ``` 96 {% endcode %} 97 98 This yields the following records: 99 100 ```text 101 @ IN TXT "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=50; rua=mailto:mailauth-reports@example.com,https://dmarc.example.com/submit; ruf=mailto:mailauth-reports@example.com; fo=1; ri=3600" 102 insecure IN TXT "v=DMARC1; p=none; ruf=mailto:mailauth-reports@example.com; fo=d" 103 ``` 104 105 106 ### Parameters 107 108 * `label:` The DNS label for the DMARC record (`_dmarc` prefix is added, default: `"@"`) 109 * `version:` The DMARC version to be used (default: `DMARC1`) 110 * `policy:` The DMARC policy (`p=`), must be one of `"none"`, `"quarantine"`, `"reject"` 111 * `subdomainPolicy:` The DMARC policy for subdomains (`sp=`), must be one of `"none"`, `"quarantine"`, `"reject"` (optional) 112 * `alignmentSPF:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for SPF (`aspf=`, default: `"r"`) 113 * `alignmentDKIM:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for DKIM (`adkim=`, default: `"r"`) 114 * `percent:` Number between `0` and `100`, percentage for which policies are applied (`pct=`, default: `100`) 115 * `rua:` Array of aggregate report targets (optional) 116 * `ruf:` Array of failure report targets (optional) 117 * `failureOptions:` Object or string; Object containing booleans `SPF` and `DKIM`, string is passed raw (`fo=`, default: `"0"`) 118 * `failureFormat:` Format in which failure reports are requested (`rf=`, default: `"afrf"`) 119 * `reportInterval:` Interval in which reports are requested (`ri=`) 120 * `ttl:` Input for `TTL` method (optional) 121 122 ### Caveats 123 124 * TXT records are automatically split using `AUTOSPLIT`. 125 * URIs in the `rua` and `ruf` arrays are passed raw. You must percent-encode all commas and exclamation points in the URI itself.