In this article, you will find the steps you need to take in order to get started with OnDMARC and reach a policy of DMARC reject (i.e. full protection) on all your domains.
1. You can sign up to OnDMARC using this link.
2. Start adding all your domains, both active and inactive domains. You can do so manually and add each domain one by one, or bulk add domains using a CSV file.
You will initially have a 14-day trial period during which you can use all of the available features of OnDMARC.
3. After you type your domain, you will be taken through our wizard where we will analyze your existing authentication status and ask you whether you would like to manage SPF, DKIM, DMARC and MTA-STS manually in your DNS, or utilize our Dynamic Services feature (default choice).
Once you click on Next, you will be shown the required smart DMARC record that you need to publish in your DNS, in order to start reporting to OnDMARC and also manage the DMARC protocol from within OnDMARC.
For more information on Dynamic Services and how to delegate the rest of the protocols too, please click here.
4. If your DMARC record has been set up correctly, the domain will be shown as reporting (example below), and your first DMARC reports will arrive within 24 hours.
5. To view the reports that may have arrived for your domain, you need to go to the DMARC reports section as shown below. This is where you will see the sources that send emails on your behalf and information about those sources such as the Email Volume, Compliance, SPF and DKIM pass rates, Reputation etc.
6. From the DMARC Reports, you can start classifying your legitimate sources of email (the ones that you use for sending emails) as Assets, by using the tickbox to the left of each source.
Once you classify a source as an Asset, it will be added to your Email Sources page, for the domain in question.
7. All of your Assets must then be configured with SPF and/or DKIM (if not already configured). A focus on DKIM is recommended as it is a more resilient protocol than SPF, and can help when your emails are auto-forwarded by your recipients.
Steps 5-7 can be repeated as more reports are received and until you have correctly configured all of your sources with SPF and DKIM. The Actions section should be monitored regularly and suggested actions need to be taken.
This is an ongoing process until you reach 100% DMARC reject policy. Once you are ready, OnDMARC will suggest that the DMARC record for your domains can be changed to a reject policy.
To learn more about SPF, DKIM, DMARC, and OnDMARC, please click on the button below. Our knowledge base contains a large amount of information with regard to the protocols and other OnDMARC features that we provide.
If you have further questions you can reach us via our chat option inside our product or alternatively, if you have not yet signed up for OnDMARC, through the contact form on our website.