8

How many emails can I put in one dmarc record? Is the following invalid because there are three mailto attributes? All the examples I see online have two addresses at most.

"v=DMARC1; p=reject; rua=mailto:pm@dom.com, mailto:dmarc@dom.com, mailto: ex@dom.com"
ThisClark
  • 298

2 Answers

9

A few comments.

  1. dmarc.org RUA comment

If you request that reports be sent to multiple URIs, the report sender can treat anything more than two recipients as optional. They are also allowed to set their own limit above two if they wish.

  2. DNS TXT records are composed of a sequence of strings. "All printable ASCII characters are permitted in the attribute value." (en.wikipedia.org/wiki/TXT_record#Attribute_values) Then, according to the RFC, you can have an arbitrary number of strings, each string might be limited to 255 characters but you can concatenate as many strings as you want.

a single text DNS record (either TXT or SPF RR types) can be composed of more than one string. If a published record contains multiple strings, then the record MUST be treated as if those strings are concatenated together without adding spaces. For example:

IN TXT "v=spf1 .... first" "second string..."

MUST be treated as equivalent to

IN TXT "v=spf1 .... firstsecond string..."

(IETF specification on TXT record concatenation)

(That might be the SPF RFC, but it holds true for all TXT records and happens to be the most concise wording on the topic.)

  3. Then there's the next limit. From your URL:

Note that any DNS response which exceeds 512 bytes is slightly undesirable, since in the absence of EDNS0 (which the vast majority of -- but not all -- implementations honor these days), responses which exceed 512 bytes will signal truncation and prompt a retry via TCP. It's optimal to stay within 512 bytes if possible.

There's more discussion here: "Why DNS through UDP has a 512 bytes limit?"

  4. And finally, the last limit, again from your URL (because I can't find it in any RFC):

I don't believe there is any arbitrary limitation on the number of "string"s in a TXT record, but the RDATA itself may not exceed 65535 bytes in total, which is comprised of both the length-bytes and payloads of all "string"s contained therein. That 64K limit is a general restriction on DNS records of all types, not specific to TXT records.

Edit, June 12, 2025:

I'm debating SPF records with a vendor, which led me to this post: The Joy of TXT

Although the post is a few years old at this point, it linked to the raw source data. That led me to find this monster of an SPF record. 30 strings ("60 occurrences of a double-quote character"), somewhere around 7400 characters in a single TXT record. I guess that's one way to limit include's.

weylin@IST-IO-WL-0026:~$ host -t txt indstate.edu 8.8.8.8 | grep 'v=spf1' | wc -c
7417
weylin@IST-IO-WL-0026:~$
weylin@IST-IO-WL-0026:~$
weylin@IST-IO-WL-0026:~$ host -t txt indstate.edu 8.8.8.8 | grep 'v=spf1' | grep -o \" | wc -l
60
weylin@IST-IO-WL-0026:~$
weylin@IST-IO-WL-0026:~$
weylin@IST-IO-WL-0026:~$
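
The limits quoted in this answer, worked through in Python as an added example (not part of the original answer): it splits a long DMARC record into 255-byte strings, rejoins them without spaces, sizes the RDATA and the response, and lists the `rua` URIs. The addresses at `example.com`, the name `_dmarc.example.com` and all function names are illustrative assumptions; the response-size estimate assumes one question, one answer with a compressed owner name and no EDNS0 OPT record.

```python
MAX_STRING = 255   # one DNS character-string carries at most 255 bytes
MAX_RDATA = 65535  # RDLENGTH is a 16-bit field
UDP_LIMIT = 512    # classic DNS-over-UDP response size without EDNS0

def split_txt(value: str) -> list[bytes]:
    """Split a record value into <=255-byte strings, as a zone would publish it."""
    raw = value.encode("ascii")
    return [raw[i:i + MAX_STRING] for i in range(0, len(raw), MAX_STRING)]

def join_txt(strings: list[bytes]) -> str:
    """Reassemble the way a verifier must: concatenate without adding spaces."""
    return b"".join(strings).decode("ascii")

def rdata_len(strings: list[bytes]) -> int:
    """Every string costs one length byte plus its payload."""
    total = sum(1 + len(s) for s in strings)
    if total > MAX_RDATA:
        raise ValueError("RDATA exceeds 65535 bytes")
    return total

def response_size(qname: str, strings: list[bytes]) -> int:
    """Estimate: 12-byte header + question + one answer RR (assumptions above)."""
    question = len(qname.rstrip(".")) + 2 + 4  # encoded name + QTYPE + QCLASS
    answer = 2 + 10 + rdata_len(strings)       # name pointer + TYPE/CLASS/TTL/RDLENGTH
    return 12 + question + answer

def rua_uris(record: str) -> list[str]:
    """Return the comma-separated rua URIs of a DMARC record, whitespace trimmed."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]

# Constructed sample: 14 report addresses at a placeholder domain.
SAMPLE = "v=DMARC1; p=reject; rua=" + ",".join(
    f"mailto:dmarc-reports-{n:02d}@example.com" for n in range(14))

if __name__ == "__main__":
    strings = split_txt(SAMPLE)
    size = response_size("_dmarc.example.com", strings)
    uris = rua_uris(join_txt(strings))
    print(len(strings), "strings,", rdata_len(strings), "bytes of RDATA")
    print("response about", size, "bytes; over 512:", size > UDP_LIMIT)
    print("first two:", uris[:2], "| receivers may skip:", len(uris[2:]))
```
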
7

There does not appear to be a limit to the number of emails you can use in the dmarc rua attribute. However, the size limit of a TXT record in DNS is 255 characters, according to "Max. Number of char in a TXT Record", so the upper bound on number of emails is limited by that.

I successfully used four emails in my dmarc record, but a better practice is to use one service account and set email forwarding from there. This prevents the need to update DNS records every time an employee changes jobs for example.

ThisClark
  • 298