Getting Started
Implementing DMARC on a domain will follow a four phase process. Each phase should be completed before moving onto the next. The phases are briefly described below, with more detailed explanations in later sections.
Phase 1
Finalize DNS: First, migrate all existing SPF and DKIM records to DMARC Manager by making changes to the relevant domain's DNS zone files. This enables the user to make DNS-level changes via the DMARC Manager platform without needing to make further DNS changes on your public DNS zone.
Phase 2
Authorize Senders: Next, ensure that all authorized senders are correctly configured, i.e. that the correct SPF and DKIM records are in place for all Approved Senders, and that the senders themselves are correctly signing emails. Collect data on these changes so that you have visibility of all senders and ensure that you have correctly enabled each of them.
Phase 3
p=quarantine: Once satisfied that the above settings are correct, set the DMARC policy to "quarantine", which stops any email sent from unauthorized senders. Depending on the email provider, this either means that the email will be treated as spam or put into an actual quarantine. Do this so that no authorized senders are missed, and no legitimate mail fails to reach the intended inbox.
Phase 4
p=reject: Lastly, after all senders have been captured, set the DMARC policy to "reject", which blocks all malicious actors from impersonating your domain.