Top Level Domains

  • Start with a DMARC policy of p=none

  • Look at the Reports / Senders / Unknown tab daily and classify senders

  • Focus on your top 5 to 10 valid senders. Sort by email volume to see who the top senders are and to help your decision making

  • Speak to your teams internally to find out for certain whether sending sources are valid or invalid

  • Follow Configuration actions for all of your Assets (found in the Actions tab) to set up SPF and DKIM

  • Populate the Email Sources menu for each Asset so it can be properly monitored.

  • Mark other sources as threats if you are confident they are not valid

  • Once all valid senders are identified, monitor the traffic and change the DMARC policy to p=quarantine.

  • Continue to monitor and, if everything is properly configured, change your policy straight to p=reject, or to p=quarantine first if you would like to ramp up the policy slowly.

Parked Domains

  • Set SPF record to: v=spf1 -all

  • Set DMARC record to: v=DMARC1; p=reject;

Subdomains

  • The policy of the top level domain will be applied to all subdomains of the top level domain by default unless you set a subdomain policy (sp=) or create an individual DMARC record for subdomains
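The inheritance rule above, as an added example (not OnDMARC code): it resolves which policy applies to a subdomain from a constructed set of DMARC TXT records. The domain names are made up, and the organizational domain is passed in by the caller as an assumption; real receivers derive it from the Public Suffix List.

```python
# Constructed DNS data for illustration, not real records.
ZONE = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine; rua=mailto:reports@example.com",
    "_dmarc.news.example.com": "v=DMARC1; p=none",
    "_dmarc.example.org": "v=DMARC1; p=quarantine",
}

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; return None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    return tags

def effective_policy(domain, org_domain, zone=ZONE):
    """Return (policy, record_name) applied to mail claiming to be from `domain`.

    org_domain is supplied by the caller (assumption, see lead-in).
    """
    domain = domain.lower().rstrip(".")
    org_domain = org_domain.lower().rstrip(".")
    # 1. An individual DMARC record on the domain itself wins.
    own = parse_dmarc(zone.get("_dmarc." + domain, ""))
    if own and "p" in own:
        return own["p"].lower(), "_dmarc." + domain
    # 2. Otherwise a subdomain falls back to the organizational domain's record.
    if domain != org_domain:
        parent = parse_dmarc(zone.get("_dmarc." + org_domain, ""))
        if parent and "p" in parent:
            # sp= overrides p= for subdomains; without sp=, p= is inherited.
            return parent.get("sp", parent["p"]).lower(), "_dmarc." + org_domain
    # 3. No record found: no DMARC policy applies.
    return None, None

if __name__ == "__main__":
    for name, org in [("news.example.com", "example.com"),
                      ("shop.example.com", "example.com"),
                      ("example.com", "example.com"),
                      ("mail.example.org", "example.org")]:
        print(name, "->", effective_policy(name, org))
```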

Third-Party Sending Services

  • Reach out to all of them and ask them to generate SPF and DKIM records and provide them to you

  • If a service does not support DKIM, ask them to relay their emails via your own SMTP/Gateway device, which will do the DKIM signing


If you are unsure, speak to OnDMARC about the best approach to a quarantine or reject policy.
