OnDMARC

Start with DMARC policy of p=none;

Look at the Reports / Senders / Unknown tab daily and classify senders

Focus on your TOP 5 to 10 valid senders. Sort by email volume and see who the top senders are to help your decision making

Speak to your teams internally to find out for certain that sending sources are valid or invalid

Follow Configuration actions for all of your Assets (found in the Actions tab) to set up SPF and DKIM

Populate the Email Sources menu for each Asset so it can be properly monitored.

Mark other sources as threats if you are confident they are not valid

Once all valid senders are identified, monitor the traffic and change the DMARC policy to p=quarantine.

Continue to monitor and if everything is properly configured then change your policy straight to p=reject or to p=quarantine first if you would like to slowly ramp up the policy.

- Start with DMARC policy of p=none;
- Look at the Reports / Senders / Unknown tab daily and classify senders
- Focus on your TOP 5 to 10 valid senders. Sort by email volume and see who the top senders are to help your decision making
- Speak to your teams internally to find out for certain that sending sources are valid or invalid
- Follow Configuration actions for all of your Assets (found in the Actions tab) to set up SPF and DKIM
- Populate the Email Sources menu for each Asset so it can be properly monitored.
- Mark other sources as threats if you are confident they are not valid
- Once all valid senders are identified, monitor the traffic and change the DMARC policy to p=quarantine.
- Continue to monitor and if everything is properly configured then change your policy straight to p=reject or to p=quarantine first if you would like to slowly ramp up the policy.

Set DMARC record to: v=DMARC1; p=reject;

- Set SPF record to: v=spf1 -all
- Set DMARC record to: v=DMARC1; p=reject;

The policy of the top level domain will be applied to all subdomains of the top level domain by default unless you set a subdomain policy (sp=) or create an individual DMARC record for subdomains

- The policy of the top level domain will be applied to all subdomains of the top level domain by default unless you set a subdomain policy (sp=) or create an individual DMARC record for subdomains

Reach out to all of them and request for SPF and DKIM records to be generated and provided to you

If a service does not support DKIM then ask them to relay their emails via your own SMTP/Gateway device that will do the DKIM signing

- Reach out to all of them and request for SPF and DKIM records to be generated and provided to you
- If a service does not support DKIM then ask them to relay their emails via your own SMTP/Gateway device that will do the DKIM signing

If you are unsure speak to OnDMARC for the best approach to quarantine or reject policy by clicking the button below

What is OnDMARC's recommended configuration process on the DMARC journey to p=reject

Top Level Domains

Parked Domains

Subdomains

Third-Party Sending Services