stackexchange-dnscontrol/documentation/functions/record/DMARC_BUILDER.md

---
name: DMARC_BUILDER
parameters:
  - label
  - version
  - policy
  - subdomainPolicy
  - alignmentSPF
  - alignmentDKIM
  - percent
  - rua
  - ruf
  - failureOptions
  - failureFormat
  - reportInterval
  - ttl
parameters_object: true
parameter_types:
  label: string?
  version: string?
  policy: "'none' | 'quarantine' | 'reject'"
  subdomainPolicy: "'none' | 'quarantine' | 'reject'?"
  alignmentSPF: "'strict' | 's' | 'relaxed' | 'r'?"
  alignmentDKIM: "'strict' | 's' | 'relaxed' | 'r'?"
  percent: number?
  rua: string[]?
  ruf: string[]?
  failureOptions: "{ SPF: boolean, DKIM: boolean } | string?"
  failureFormat: string?
  reportInterval: Duration?
  ttl: Duration?
---

DNSControl contains a `DMARC_BUILDER` which can be used to simply create
DMARC policies for your domains.


## Example

### Simple example

{% code title="dnsconfig.js" %}
```javascript
DMARC_BUILDER({
  policy: "reject",
  ruf: [
    "mailto:mailauth-reports@example.com",
  ],
})
```
{% endcode %}

This yield the following record:

```text
@   IN  TXT "v=DMARC1; p=reject; ruf=mailto:mailauth-reports@example.com"
```

### Advanced example

{% code title="dnsconfig.js" %}
```javascript
DMARC_BUILDER({
  policy: "reject",
  subdomainPolicy: "quarantine",
  percent: 50,
  alignmentSPF: "r",
  alignmentDKIM: "strict",
  rua: [
    "mailto:mailauth-reports@example.com",
    "https://dmarc.example.com/submit",
  ],
  ruf: [
    "mailto:mailauth-reports@example.com",
  ],
  failureOptions: "1",
  reportInterval: "1h",
});
```
{% endcode %}

{% code title="dnsconfig.js" %}
```javascript
DMARC_BUILDER({
  label: "insecure",
  policy: "none",
  ruf: [
    "mailto:mailauth-reports@example.com",
  ],
  failureOptions: {
      SPF: false,
      DKIM: true,
  },
});
```
{% endcode %}

This yields the following records:

```text
@           IN  TXT "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=50; rua=mailto:mailauth-reports@example.com,https://dmarc.example.com/submit; ruf=mailto:mailauth-reports@example.com; fo=1; ri=3600"
insecure    IN  TXT "v=DMARC1; p=none; ruf=mailto:mailauth-reports@example.com; fo=d"
```


### Parameters

* `label:` The DNS label for the DMARC record (`_dmarc` prefix is added, default: `"@"`)
* `version:` The DMARC version to be used (default: `DMARC1`)
* `policy:` The DMARC policy (`p=`), must be one of `"none"`, `"quarantine"`, `"reject"`
* `subdomainPolicy:` The DMARC policy for subdomains (`sp=`), must be one of `"none"`, `"quarantine"`, `"reject"` (optional)
* `alignmentSPF:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for SPF (`aspf=`, default: `"r"`)
* `alignmentDKIM:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for DKIM (`adkim=`, default: `"r"`)
* `percent:` Number between `0` and `100`, percentage for which policies are applied (`pct=`, default: `100`)
* `rua:` Array of aggregate report targets (optional)
* `ruf:` Array of failure report targets (optional)
* `failureOptions:` Object or string; Object containing booleans `SPF` and `DKIM`, string is passed raw (`fo=`, default: `"0"`)
* `failureFormat:` Format in which failure reports are requested (`rf=`, default: `"afrf"`)
* `reportInterval:` Interval in which reports are requested (`ri=`)
* `ttl:` Input for `TTL` method (optional)

### Caveats

* TXT records are automatically split using `AUTOSPLIT`.
* URIs in the `rua` and `ruf` arrays are passed raw. You must percent-encode all commas and exclamation points in the URI itself.