Top Level Domains
Start with DMARC policy of p=none;
Look at the Reports / Senders / Unknown tab daily and classify senders
Focus on your TOP 5 to 10 valid senders. Sort by email volume and see who the top senders are to help your decision making
Speak to your teams internally to find out for certain that sending sources are valid or invalid
Follow Configuration actions for all of your Assets (found in the Actions tab) to set up SPF and DKIM
Populate the Email Sources menu for each Asset so it can be properly monitored.
Mark other sources as threats if you are confident they are not valid
Once all valid senders are identified, monitor the traffic and change the DMARC policy to p=quarantine.
Continue to monitor and if everything is properly configured then change your policy straight to p=reject or to p=quarantine first if you would like to slowly ramp up the policy.
Set SPF record to: v=spf1 -all
Set DMARC record to: v=DMARC1; p=reject;
The policy of the top level domain will be applied to all subdomains of the top level domain by default unless you set a subdomain policy (sp=) or create an individual DMARC record for subdomains
Third-Party Sending Services
Reach out to all of them and request for SPF and DKIM records to be generated and provided to you
If a service does not support DKIM then ask them to relay their emails via your own SMTP/Gateway device that will do the DKIM signing
If you are unsure speak to OnDMARC for the best approach to quarantine or reject policy by clicking the button below