I’ve previously used DMARC records along the following lines:
v=DMARC1; p=reject; rua=mailto:dmarcagg@example.com; ruf=mailto:dmarcfail@example.com; fo=1:d:s
however Webmin’s interface only permits me to set the rua, ruf, p, sp, aspf, adkim, pct values.
I also use the fo variable for more verbose reporting, more info on it here: https://www.zytrax.com/books/dns/ch9/dmarc.html
There’s also multiple permutations for the fo tag depending on what type of reports you want to get, https://mxtoolbox.com/dmarc/details/dmarc-tags/dmarc-failure-reporting-options has more info.
There are further options (rf, ri, and so on) which are also listed on the zytrax page.
It would be useful if either a ‘custom options’ box was added to let you manually append your own variables to the DMARC record, or if all possible DMARC options were added to the web form, perhaps in an ‘Advanced options’ section.
Also, a potential parsing problem - I set up this zone by manually importing existing records from the old server’s BIND install. This was done after the initial domain creation in Webmin.
There was already a DMARC record on the old server, called “_DMARC.example.com” (uppercase DMARC) which was accepted fine.
Webmin apparently didn’t parse this, and when I noticed DMARC was disabled, I enabled DMARC in Webmin. It then made a second record called “_dmarc.example.com” (lowercase) and didn’t touch the old record.
This then makes the domain fail DMARC validation, as you can’t have more than one DMARC record per domain.
