dnscontrol/docs/_functions/record/DMARC_BUILDER.md

---
name: DMARC_BUILDER
parameters:
  - label
  - version
  - policy
  - subdomainPolicy
  - alignmentSPF
  - alignmentDKIM
  - percent
  - rua
  - ruf
  - failureOptions
  - failureFormat
  - reportInterval
  - ttl
parameters_object: true
parameter_types:
  label: string?
  version: string?
  policy: "'none' | 'quarantine' | 'reject'"
  subdomainPolicy: "'none' | 'quarantine' | 'reject'?"
  alignmentSPF: "'strict' | 's' | 'relaxed' | 'r'?"
  alignmentDKIM: "'strict' | 's' | 'relaxed' | 'r'?"
  percent: number?
  rua: string[]?
  ruf: string[]?
  failureOptions: "{ SPF: boolean, DKIM: boolean } | string?"
  failureFormat: string?
  reportInterval: Duration?
  ttl: Duration?
---

DNSControl contains a `DMARC_BUILDER` which can be used to simply create
DMARC policies for your domains.


## Example

### Simple example

```js
DMARC_BUILDER({
  policy: 'reject',
  ruf: [
    'mailto:mailauth-reports@example.com',
  ],
})
```

This yield the following record:

```text
@   IN  TXT "v=DMARC1; p=reject; ruf=mailto:mailauth-reports@example.com"
```

### Advanced example

```js
DMARC_BUILDER({
  policy: 'reject',
  subdomainPolicy: 'quarantine',
  percent: 50,
  alignmentSPF: 'r',
  alignmentDKIM: 'strict',
  rua: [
    'mailto:mailauth-reports@example.com',
    'https://dmarc.example.com/submit',
  ],
  ruf: [
    'mailto:mailauth-reports@example.com',
  ],
  failureOptions: '1',
  reportInterval: '1h',
}),

DMARC_BUILDER({
  label: 'insecure',
  policy: 'none',
  ruf: [
    'mailto:mailauth-reports@example.com',
  ],
  failureOptions: {
      SPF: false,
      DKIM: true,
  },
})
```

This yields the following records:

```text
@           IN  TXT "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=50; rua=mailto:mailauth-reports@example.com,https://dmarc.example.com/submit; ruf=mailto:mailauth-reports@example.com; fo=1; ri=3600"
insecure    IN  TXT "v=DMARC1; p=none; ruf=mailto:mailauth-reports@example.com; fo=d"
```


### Parameters

* `label:` The DNS label for the DMARC record (`_dmarc` prefix is added, default: `'@'`)
* `version:` The DMARC version to be used (default: `DMARC1`)
* `policy:` The DMARC policy (`p=`), must be one of `'none'`, `'quarantine'`, `'reject'`
* `subdomainPolicy:` The DMARC policy for subdomains (`sp=`), must be one of `'none'`, `'quarantine'`, `'reject'` (optional)
* `alignmentSPF:` `'strict'`/`'s'` or `'relaxed'`/`'r'` alignment for SPF (`aspf=`, default: `'r'`)
* `alignmentDKIM:` `'strict'`/`'s'` or `'relaxed'`/`'r'` alignment for DKIM (`adkim=`, default: `'r'`)
* `percent:` Number between `0` and `100`, percentage for which policies are applied (`pct=`, default: `100`)
* `rua:` Array of aggregate report targets (optional)
* `ruf:` Array of failure report targets (optional)
* `failureOptions:` Object or string; Object containing booleans `SPF` and `DKIM`, string is passed raw (`fo=`, default: `'0'`)
* `failureFormat:` Format in which failure reports are requested (`rf=`, default: `'afrf'`)
* `reportInterval:` Interval in which reports are requested (`ri=`)
* `ttl:` Input for `TTL` method (optional)

### Caveats

* TXT records are automatically split using `AUTOSPLIT`.
* URIs in the `rua` and `ruf` arrays are passed raw. You must percent-encode all commas and exclamation points in the URI itself.