HelpSystems acquires Agari. Learn more >
Contact Us

  • DMARC Record Found: NSF.gov

DMARC Record Found: NSF.gov

v=DMARC1;p=reject; fo=1; pct=100;rua=mailto:dmarcemails@nsf.gov,mailto:reports@dmarc.cyber.dhs.gov; ruf=mailto:fremailsdmarc@nsf.gov,mailto:reports@dmarc.cyber.dhs.gov;

Discovered Tags

The tags and their definitions pulled from the record for NSF.gov

Tags Value Description
p reject DMARC receivers will report statistics about messages from this domain, and will reject messages which fail DMARC Authentication. Rejected messages will not reach a user's mailbox.
pct 100 The reject policy will apply to 100% of unauthenticated messages from this domain.
rua dmarcemails@nsf.gov and reports@dmarc.cyber.dhs.gov DMARC aggregate data about messages from this domain will be emailed to dmarcemails@nsf.gov and reports@dmarc.cyber.dhs.gov.
ruf fremailsdmarc@nsf.gov and reports@dmarc.cyber.dhs.gov Samples of messages failing either DMARC-SPF or DMARC-DKIM will be emailed to fremailsdmarc@nsf.gov and reports@dmarc.cyber.dhs.gov if the email receiver supports this feature of the DMARC specification.
Modify DMARC Record Create BIMI Record
Modify DMARC Record
Fill out this form to create or modify a DMARC record.
All fields marked * are required.

The domain name for which you are creating or modifying a DMARC record. You can enter a single domain or a comma separated list of domain names.

DMARC specifies 3 different possible policy actions to assign to messages which fail DMARC checks. If you are new to publishing a DMARC policy, you should begin with a policy of Monitor only (p=None) so that you can collect and analyze data without affecting your email traffic.

  • Monitor only – (most lenient) Tells receivers to take no special action on failing messages, but send DMARC data to the specified reporting addresses.
  • Quarantine – (more strict) Tells receivers to place messages which fail DMARC into the recipient’s spam folder or other quarantined area where the message may be reviewed with suspicion.
  • Reject – (most strict) Tells receivers to reject any messages which fail DMARC and report on the action in DMARC data. Rejected messages will never be available to the recipient.

Agari's DMARC Builder sets Agari's reporting address by default for both aggregate reports and forensic data. You can specify another address in addition to Agari's address and both will appear in the DMARC record. DMARC receivers should send reporting data to both addresses.

Caution! Forensic data is a real time flow of messages failing DMARC. Data volumes can be very high and very sporadic. Adding your own reporting address here may cause problems with your local mail server.

Advanced settings

While the DMARC specification allows both AFRF and IODEF formats for foresnix reports, currently the only format sent by DMARC receivers is AFRF.


Relaxed alignment allows for the DKIM signing domain and header from domain to be sub-domains of each other. Strict alignment requires the two domains be an exact match.

% of Policy

The percentage of messages from the domain for which the policy will be applied. For example, if you specify a "reject" policy and 50%, then the reject policy will only be applied to a random 50% of the messages failing DMARC Authentication by the receiver.

Every hours

While the DMARC specification allows you to request DMARC aggregate reports in different time intervals, in reality all current DMARC implementations only send reports in 24 hour increments.

By default, a domain's DMARC policy applies to all of its sub-domains. DMARC allows you to apply a different policy to sub-domains if you wish; however, whichever sub-domain policy you specify will apply to all sub-domains. If you want a different policy for specific sub-domains, publish a DMARC record specifically for that sub-domain.


You can instruct DMARC receivers under which failure conditions you would like to receive forensic reports. Agari will set this to send reports for any SPF or DKIM failure by default. You can change this to send reports only if both SPF and DKIM fail.

Please complete the required fields.
MORE TOOLS BY AGARI
Look Up or Generate BIMI Record

Use this tool to look up a BIMI record or to create one with an approved logo.

Learn More
Look Up DKIM Record

Use this tool to validate the domain and selector has a published DKIM record.

Learn More
Look Up SPF Record

Use this tool to see which servers are authorized to send email for a domain.

Learn More
AGARI SOLUTIONS
By Threat

Protect on-premise, cloud-based, and hybrid email services.

Learn More
By Industry

Model industry-leading email security best practices.

Learn More
By Role

Ensure email security knowledge across the company.

Learn More
View All Solutions

Learn More About DMARC

What is DMARC?

DMARC is an open email authentication standard. It works in conjunction with SPF and DKIM and is the only way for email senders to tell email receivers that the email they are sending are truly from them. DMARC enables senders to authenticate all legitimate email messages, publish a policy on how ISPs should dispose of inauthentic messages, and gain intelligence on the use of their email domains. For more information, download Getting Started with DMARC.

How Can I Implement DMARC?

Agari Brand Protection™ optimizes the implementation and administration of the DMARC standard to eliminate phishing attacks and brand abuse targeting customers and citizens. The product provides unique sender discovery and domain analysis tools to enable organizations to comprehensively identify, manage, and maintain governance over their email senders. To see how Agari Brand Protection can help your organization, request a demo.

Mail Letter

Would you like the confidence to trust your inbox?

Contact Us Get a Demo
Please complete the form to view.
Download the PDF