Do you want Relaxed or Strict mechanisms?
Here, you can choose the Identifier Alignment for each mechanism.


What percentage of email do you want to apply this to?
DMARC allows users to slowly ramp their policy by allowing users to apply the given DMARC policy to a specific percentage of email flows. If you specify a percent other than 100, your DMARC policy will only be applied to the given percentage of your messages.

When do you want to generate Forensic Reports?
When both SPF and DKIM fail.
When either SPF or DKIM fails.
When DKIM fails.
When SPF fails.

Where do you want failure reports sent?
Individual Failure Reports, or Forensic Reports, are copies of individual pieces of email that fail the DMARC check. These reports are not required or necessary for DMARC deployment, but may give further insight into how your domain may be being abused. You can add multiple email addresses with commas.

DMARC Tags

Tag	Description
v (required)	The only allowed value for the version tag is "DMARC1". If it's incorrect or the tag is missing, the DMARC record will be ignored.
p (required)	The allowed values for the DMARC policy are "none", "quarantine", or "reject". The default is "none," which takes no action against non-authenticated emails. It only helps collect DMARC reports and gain insight into your current email flows and their authentication status. "quarantine" marks the failed emails as suspicious, while "reject" blocks them.
rua	The aggregate report sending destination "mailto:" URI is what ESPs use to send failure reports. The tag is optional, but you won’t receive any reports if you skip it.
ruf	The forensic (failure) report sending destincation "mailto:" URI is what ESPs use to send failure reports. The tag is optional, but you won’t receive any reports if you skip it.
sp	The subdomain inherits the domain DMARC policy tag (p=) explained above unless specifically defined here. Like the domain DMARC policy, the allowed values for subdomain DMARC policy are "none," "quarantine," or "reject".
adkim	The DKIM signature alignment tag follows the alignment between the DKIM domain and the parent Header From domain. Allowed values are "r" (relaxed) or "s" (strict). "r" is the default and allows a partial match, while the "s" tag requires the domains to be the same.
aspf	The SPF alignment tag follows the alignment between the SPF domain (the sender) and the Header From domain. Allowed values are "r" (relaxed) or "s" (strict). "r" is the default, and allows a partial match, while the "s" tag requires the domains to be exactly the same.
fo	The allowed values for forensic (failure) reporting options are "0," "1," "d," and "s." "0" is the default value, which generates a forensic report when both SPF and DKIM fail to produce an aligned pass. If either of the protocol outcome is something other than pass, use "1." "d" generates a report when DKIM is invalid, while "s" does the same for SPF. Define the ruf tag to receive forensic (failure) reports.
rf	The allowed values for the reporting format for forensic (failure) reports are "afrf" and "iodef".
pct	The percentage tag works on domains with "quarantine" or "reject" policy only. It marks the percentage of failed emails a given policy should be applied to. The rest falls under a lower policy. For example, if "pct=70," on a domain with "quarantine" policy, it applies only 70% of the time. The remaining 30% goes under "p=none". Similarly, if "p=reject" and "pct=70," "reject" applies to the 70% of failed emails, and the 30% go into "quarantine".
ri	The reporting interval marks the frequency of received XML reports in seconds. The default is 86400 (once a day). Regardless of the set interval, in most cases, ISPs send the reports at different intervals (usually once a day).