--- name: DMARC_BUILDER parameters: - label - version - policy - subdomainPolicy - alignmentSPF - alignmentDKIM - percent - rua - ruf - failureOptions - failureFormat - reportInterval - ttl parameters_object: true parameter_types: label: string? version: string? policy: "'none' | 'quarantine' | 'reject'" subdomainPolicy: "'none' | 'quarantine' | 'reject'?" alignmentSPF: "'strict' | 's' | 'relaxed' | 'r'?" alignmentDKIM: "'strict' | 's' | 'relaxed' | 'r'?" percent: number? rua: string[]? ruf: string[]? failureOptions: "{ SPF: boolean, DKIM: boolean } | string?" failureFormat: string? reportInterval: Duration? ttl: Duration? --- DNSControl contains a `DMARC_BUILDER` which can be used to simply create DMARC policies for your domains. ## Example ### Simple example {% code title="dnsconfig.js" %} ```javascript DMARC_BUILDER({ policy: "reject", ruf: [ "mailto:mailauth-reports@example.com", ], }) ``` {% endcode %} This yield the following record: ```text @ IN TXT "v=DMARC1; p=reject; ruf=mailto:mailauth-reports@example.com" ``` ### Advanced example {% code title="dnsconfig.js" %} ```javascript DMARC_BUILDER({ policy: "reject", subdomainPolicy: "quarantine", percent: 50, alignmentSPF: "r", alignmentDKIM: "strict", rua: [ "mailto:mailauth-reports@example.com", "https://dmarc.example.com/submit", ], ruf: [ "mailto:mailauth-reports@example.com", ], failureOptions: "1", reportInterval: "1h", }); ``` {% endcode %} {% code title="dnsconfig.js" %} ```javascript DMARC_BUILDER({ label: "insecure", policy: "none", ruf: [ "mailto:mailauth-reports@example.com", ], failureOptions: { SPF: false, DKIM: true, }, }); ``` {% endcode %} This yields the following records: ```text @ IN TXT "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=50; rua=mailto:mailauth-reports@example.com,https://dmarc.example.com/submit; ruf=mailto:mailauth-reports@example.com; fo=1; ri=3600" insecure IN TXT "v=DMARC1; p=none; ruf=mailto:mailauth-reports@example.com; fo=d" ``` ### Parameters * `label:` The DNS label for the DMARC record (`_dmarc` prefix is added, default: `"@"`) * `version:` The DMARC version to be used (default: `DMARC1`) * `policy:` The DMARC policy (`p=`), must be one of `"none"`, `"quarantine"`, `"reject"` * `subdomainPolicy:` The DMARC policy for subdomains (`sp=`), must be one of `"none"`, `"quarantine"`, `"reject"` (optional) * `alignmentSPF:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for SPF (`aspf=`, default: `"r"`) * `alignmentDKIM:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for DKIM (`adkim=`, default: `"r"`) * `percent:` Number between `0` and `100`, percentage for which policies are applied (`pct=`, default: `100`) * `rua:` Array of aggregate report targets (optional) * `ruf:` Array of failure report targets (optional) * `failureOptions:` Object or string; Object containing booleans `SPF` and `DKIM`, string is passed raw (`fo=`, default: `"0"`) * `failureFormat:` Format in which failure reports are requested (`rf=`, default: `"afrf"`) * `reportInterval:` Interval in which reports are requested (`ri=`) * `ttl:` Input for `TTL` method (optional) ### Caveats * TXT records are automatically split using `AUTOSPLIT`. * URIs in the `rua` and `ruf` arrays are passed raw. You must percent-encode all commas and exclamation points in the URI itself.