Steps to set up and implement a DMARC record
Contact your company's Domain Name System (DNS) administrator.
Ask your DNS administrator to create a TXT record in DNS for _dmarc.[your-domain] with your DMARC record.
Use the following syntax in the DMARC TXT record:
v=DMARC1; p=none; fo=1; rua=mailto:enter
your email address; ruf=enter your email address
Be sure to enter your email addresses after "mailto:". These addresses are where the reports are sent.
If you are working with an ESP or other third party who will receive the DMARC reports on your behalf, ask your account representative which email addresses you should use.
This is the suggested record for when you first implement DMARC.
v=DMARC1 indicates the protocol version.
The suggested DMARC record above includes a monitor policy (p=none). This means that you are not instructing mailbox providers to take any action with your email that fails authentication.
fo lets mailbox providers know you want message samples of emails that failed either SPF and/or DKIM. For the value:
Use 0 to receive a report if both SPF and DKIM fail. (default)
Use 1 to receive a report if either SPF or DKIM fail. (recommended)
rua contains the address where you want to receive aggregate reports.
ruf contains the address where you want to receive forensic reports.
To begin receiving DMARC reports without impacting your current email program, we suggest publishing the record with p=none.
Make sure you have at least an A record, Mail Exchange (MX) record, or AAAA record in the DNS for the domain if you plan on using it to send email.
After you implement DMARC, we recommend that you monitor your domains for at least 30 days. This can help you make sure that your own legitimate email is authenticating correctly before you decide to implement a reject (p=reject) or quarantine (p=quarantine) policy.
Reporting destination information
DMARC supports the ability to send reports to multiple destination addresses. However, you should avoid using more than two different destinations as many mailbox providers do not send reports to more than two.
In the case that multiple email addresses are needed for DMARC reports, each destination must be outlined within the RUA and RUF statement blocks in the DMARC record. Additionally, each destination needs to be delineated with a comma within the RUA and RUF blocks.
Note: Do not list multiple RUA and RUF statements otherwise your DMARC record will be considered incorrect and reports will not be generated.
Correct DMARC record example with multiple reporting destinations:
Incorrect DMARC record example with multiple reporting destinations: