The process of aligning your email proves to the outside world that a particular vendor or server has been explicitly authorized to send on your organization’s behalf. The big picture is that once you’ve aligned all of the mail you do want delivered, you can instruct email receivers to discard anything that you haven’t approved. Without alignment, degrees of uncertainty are introduced when an email receiver is attempting to confirm the origin and trustworthiness of a message.
As DMARC is a domain-based control, you will need to individually configure each vendor that sends email on your behalf. To do this, you’ll need to access your organization’s DNS and contact vendors to configure them to send aligned email. Each vendor, or source, as we’ve come to call it at dmarcian, will have a slightly different variation on how to configure alignment; these idiosyncrasies are why it’s important to understand how to identify and organize your sources and have an understanding of vendor management relative to your email ecosystem.
Often, third-party vendors will allow you to onboard their solution without the prerequisites for a DMARC project because they don’t want to introduce barriers to entry for their solution. In turn, many vendors have made email authentication optional, though nearly all of them support it. We’ve cataloged and detailed over 1,000 third-party sources, their capabilities, and instructions on how to configure related settings.
Your ultimate goal is to reach as close to 100% alignment as possible with each of your email vendors and then publish an increasingly restrictive DMARC policy of p=quarantine and p=reject. After fulfilling your alignment goal, follow this guide to understand more about each policy and to minimize the impact on legitimate email.