It's a common question, especially for those new to email authentication. While there are strict character limits for DNS records, they rarely affect DMARC. The confusion often comes from limitations associated with other record types, like SPF and DKIM, which are also stored as TXT records.
The short answer is that a DMARC record itself is highly unlikely to exceed any character limits. However, the underlying DNS technology it relies on, the TXT record, does have some important constraints to understand.
The most important rule for TXT records is that a single text string cannot be longer than 255 characters. This is a fundamental part of the DNS specification. If you need to store more than 255 characters in a single TXT record, you must break the value down into multiple double-quoted strings, each 255 characters or fewer.
Many modern DNS providers handle this automatically. When you paste a long value into their interface, they will split it into compliant 255-character chunks behind the scenes. The issue comes up most often with DKIM keys, which can be very long, and much less often with DMARC.
While each string is limited to 255 characters, you can combine multiple strings to create a much larger TXT record. The total maximum size of a TXT record can vary by DNS provider. For example, Amazon Route 53 allows a maximum length of 4,000 characters, while Cloudflare notes a limit of 2,048 characters.
This splitting mechanism is what allows for very long DKIM keys or complex SPF records to exist within the constraints of the DNS system.
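The splitting rule described above, as an added Python example (not code from the original page or from any DNS provider): it cuts a long value into strings of at most 255 bytes, renders them as quoted zone-file strings, and rejoins them with no separator, which is how DKIM verifiers read a multi-string TXT record. The sample values and function names are constructed for illustration, and comparing the unquoted length against the provider figures quoted on this page is a simplifying assumption.

```python
import re

MAX_STRING_LEN = 255  # limit for one string inside a TXT record
# Total-size limits quoted on this page for two providers.
PROVIDER_LIMITS = {"Amazon Route 53": 4000, "Cloudflare": 2048}

# Constructed samples: the key material below is filler, not a real key.
DKIM_SAMPLE = "v=DKIM1; k=rsa; p=" + "A" * 392
DMARC_SAMPLE = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"


def split_txt_value(value: str) -> list[str]:
    """Cut a TXT value into strings of at most 255 bytes each."""
    if '"' in value or "\\" in value:
        raise ValueError("quotes and backslashes need escaping; not handled here")
    raw = value.encode("ascii")  # assumption: the value is plain ASCII
    return [raw[i:i + MAX_STRING_LEN].decode("ascii")
            for i in range(0, len(raw), MAX_STRING_LEN)]


def to_zone_rdata(value: str) -> str:
    """Render the strings double-quoted and space-separated, zone-file style."""
    return " ".join(f'"{chunk}"' for chunk in split_txt_value(value))


def join_txt_strings(rdata: str) -> str:
    """Rebuild the value as a verifier reads it: strings joined, no separator."""
    strings = re.findall(r'"([^"]*)"', rdata)
    too_long = [s for s in strings if len(s.encode("ascii")) > MAX_STRING_LEN]
    if too_long:
        raise ValueError(f"{len(too_long)} string(s) exceed {MAX_STRING_LEN} bytes")
    return "".join(strings)


def size_report(value: str) -> dict:
    """Summarise how a value sits against the per-string and provider limits."""
    total = len(value.encode("ascii"))
    return {
        "total": total,
        "strings": len(split_txt_value(value)),
        "within": {name: total <= cap for name, cap in PROVIDER_LIMITS.items()},
    }


if __name__ == "__main__":
    for label, sample in (("DKIM", DKIM_SAMPLE), ("DMARC", DMARC_SAMPLE)):
        print(label, size_report(sample))
        print(to_zone_rdata(sample))
```

A record that was split by hand with a stray space at a chunk boundary will fail the round trip through `join_txt_strings`, which is a quick way to catch a corrupted DKIM key before publishing it.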
A typical DMARC record is quite short. Even with multiple reporting addresses, it's very difficult to get close to the 255-character limit, let alone the total size limit of a TXT record. Here's a fairly standard DMARC record:
This entire record is only 156 characters long, well under the 255-character limit for a single string. You would need to add many more reporting addresses or use very long email addresses to approach the limit.
The character limit is a more frequent topic of conversation for SPF records. According to RFC 7208, an SPF record is defined as a single string of text, which implies the 255-character limit is a hard stop. While some providers support splitting SPF records into multiple strings just like any other TXT record, it's not universally supported and can cause validation issues. Furthermore, SPF records are also constrained by a maximum of 10 DNS lookups, which is often a more pressing limitation for large organizations.
In practice, you do not need to worry about the character limit for your DMARC record. The key points are:
The character limits are a feature of the DNS system itself, but for the specific task of creating a DMARC policy, they are a non-issue.