diff --git a/v12.1/config/best-practices/dkim_dmarc_spf/index.html b/v12.1/config/best-practices/dkim_dmarc_spf/index.html index ca3d0825..bb007950 100644 --- a/v12.1/config/best-practices/dkim_dmarc_spf/index.html +++ b/v12.1/config/best-practices/dkim_dmarc_spf/index.html @@ -1818,7 +1818,7 @@

With DMS, DMARC is pre-configured out of the box. You may disable extra and excessive DMARC checks when using Rspamd via ENABLE_OPENDMARC=0.

The only thing you need to do in order to enable DMARC on a "DNS-level" is to add new TXT. In contrast to DKIM, DMARC DNS entries do not require any keys, but merely setting the configuration values. You can either handcraft the entry by yourself or use one of available generators (like this one).

Typically something like this should be good to start with:

-
_dmarc.example.com. IN TXT "v=DMARC1; p=none; sp=none; fo=0; adkim=4; aspf=r; pct=100; rf=afrf; ri=86400; rua=mailto:dmarc.report@example.com; ruf=mailto:dmarc.report@example.com"
+
_dmarc.example.com. IN TXT "v=DMARC1; p=none; sp=none; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; rua=mailto:dmarc.report@example.com; ruf=mailto:dmarc.report@example.com"
 

Or a bit more strict policies (mind p=quarantine and sp=quarantine):

_dmarc.example.com. IN TXT "v=DMARC1; p=quarantine; sp=quarantine; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; rua=mailto:dmarc.report@example.com; ruf=mailto:dmarc.report@example.com"