Is the 'sp' tag mandatory in a DMARC record?

The short answer is no, the sp tag is not a mandatory component of a DMARC record. A DMARC record has a few different tags you can use to configure your policy, but only two of them are actually required for the record to be valid.

A DMARC record is a simple text string published in your domain's DNS. As EmailAuth.io puts it, "The text consists of a list of DMARC tags and values separated by semicolons. Some tags are mandatory and some are optional." The mandatory tags are what create the foundation of your DMARC policy.

• v=DMARC1: This is the version tag. It must be the first tag in the record and its value must be DMARC1. This identifies the record as a DMARC policy.
• p=: This is the policy tag. It tells receiving mail servers what to do with messages that fail DMARC checks. The valid values are none, quarantine, or reject.

Zoho Zeptomail says:

Visit website

This is a mandatory tag. P=reject. The mandatory p tag mentions the policy for emails that fail authentication. There are three values that...

Suped DMARC monitor

Free forever, no credit card required

Get started for free

Trusted by teams securing millions of inboxes

The sp tag is the 'subdomain policy' tag. It’s an optional tag that allows you to specify a different DMARC policy for emails sent from subdomains of your main domain. For example, if your main domain is example.com, the sp tag would apply to mail from news.example.com or support.example.com.

DuoCircle says:

Visit website

The DMARC 'sp' tag is short for subdomain policy that allows domain owners to specify how DMARC should manage illegitimate emails sent from their subdomains.

This provides more granular control. You might want a very strict policy for your primary corporate domain but need a more relaxed one for subdomains used by various marketing platforms or support systems.

If you don't include an sp tag in your DMARC record, the policy you set with the p tag will automatically apply to all your subdomains. This is a critical point to understand when setting up your DMARC policy.

Klaviyo Help Center says:

Visit website

It is common for the sp tag to be omitted in a DMARC record, in which case the sp tag defaults to the value of the p tag.

For example, if your DMARC record is v=DMARC1; p=reject;, then any email from your main domain and all of its subdomains that fails DMARC checks will be rejected.

However, if you set your record as v=DMARC1; p=reject; sp=quarantine;, failing messages from the main domain will be rejected, while failing messages from subdomains will be sent to the spam folder instead.

To summarize, the sp tag is not mandatory for a DMARC record to be valid and functional. Only the v and p tags are required. However, the sp tag offers valuable flexibility, allowing you to set a distinct policy for your subdomains. If you choose not to use it, just remember that your subdomains will inherit the policy of your primary domain.