Domain Groups are a way for you to conceptually organize your domains. You can create new groups by clicking
( add a domain group).
Each domain group contains a Group Management tab which will allow you to add, remove or reorganize your groups and domains.
All domain DNS data is refreshed automatically every 24 hours. If you have made changes to your DNS and don't see the changes picked up, you can click the button to pick up any recent changes.
Parked domains are domains that you manage but are not responsible for sending or receiving email. If your organization has any parked domains, we recommend creating a domain group specifically for them. After creating the Domain Group, check "Group is for parked domains" under the Group Management setting.
To remove a domain from your catalogue, click the icon beside the domain you would like to remove, or select multiple domains under the Group Management tab. Deletion requires validation.
Now that you've got domains in your catalogue, it's time to start publishing records and collecting data. This free and simple process can be accomplished in two steps.
1) Publish DMARC Records
We recommend starting with a simple record that won't affect your email flows. The following record can be published to your DNS to tell providers to generate feedback for your domain without impacting email delivery.
To publish your DMARC record, log into your DNS management console and navigate to the domain you would like to publish the record for.
Use the following settings: Hostname/Label: _dmarc (underscore required!) Type: TXT Target/Value: v=DMARC1; p=none; rua=mailto:email@example.com;
The following domains in your catalogue do not currently have DMARC records.
DNS Console Location
2) Collect Data
Once your DMARC records are in place, DMARC reports will be automatically sent to the address in your RUA tag.
When you have some DMARC data about your domain, you can start collecting data and begin the process of identifying legitimate mail sources.
You don't have any domains that are ready to start getting DMARC compliant. Once you publish dmarc records and begin collecting data, you can start to align your sources of email with DMARC.
Now that you've got DMARC records in place and you've started to collect data on how your email domain is being used across the internet, it's time to align your sources of mail with DMARC
So far, we've identified 1 sources of mail.
It's important to get all of your sources of mail as close to 100% DMARC compliant as possible.
Sources are various organizations and departments that send email on behalf of your domains. To get insight into these sources, use the Source Viewer to see different sources and their compliance across SPF, DKIM
We recommend not publishing any type of policy that will affect your email flows until all of your domain's sources DMARC compliance are at least 98%.
Once your sources are DMARC compliant, it's time to publish a policy.
Enforce your policy more and more aggresively and observe the impacts.
Once you've fully enforced a policy without problems, you're ready to tell the world to reject the bad stuff.
Before telling receivers to outright reject email, we recommend publishing varying policies to ensure that your email flows are not negatively impacted.
Depending on your organizations structure, complexity, number of sources, or volume, we suggest publishing a quarantine and/or reject policy at different intervals to avoid outright rejecting unexpected sources of legitimate email.
Use the Policy Planner to determine when and how to ramp up your policy.
After publishing or altering a policy, it's important to give your email streams time to be impacted so you can get an accurate picture of how your policy may be affecting your email flows.
Using the Authentiscope, you can see how this your policy is impacting messages sent from your domain.
After observing the impacts, you may be ready to enforce this policy on larger percentage of your volume in accordance with your policy ramp schedule.
Once you've ensured that aggresive policies will not negatively impact your email streams, you can lock down your domain by updating your domain to the following:
Publishing a 100% reject policy for your domain will cause all non-compliant messages to be rejected by receivers. Spoofing attempts on your domain will no longer be accepted.
Monitor & Maintain
You don't have any domains with a reject policy.
0 Protected Domains
You currently have no domains with a policy of p=reject.
All Rejected domains are sending compliant mail
Want to receive reports about your domains status, or to get notifications when deployment or compiance changes occur, become a subscriber. Subscribing allows access to extra dmarcian features as well as supporting our mission to help deploy DMARC worldwide.