Best Practices for DMARC

To get the most value from DMARC and protect your domain from spoofing, start with a safe, monitoring-only policy (p=none) and gradually increase enforcement (p=quarantine, p=reject) as your email authentication improves.

1. Start with Monitoring

  • Begin with p=none: This lets you collect DMARC reports without affecting mail delivery.

  • Review reports regularly: These reports show who is sending email on your behalf and whether those messages pass SPF and DKIM checks.

2. Increase Protection Over Time

  • Move to quarantine: Once legitimate senders are configured correctly, you can begin placing suspicious mail in the Spam/Junk folders.

  • Progress to reject: After everything is aligned, switch to a full-blocking DMARC policy to stop spoofed email entirely.

3. Keep Your Email Authentication Healthy

  • Make sure SPF and DKIM are set up properly: DMARC relies on both, so accuracy is critical.

  • Ensure domains match: Your SPF, DKIM, and "From" address should use aligned domains for optimal protection.

  • Rotate DKIM keys regularly: Updating keys helps keep your email secure.

4. Maintain and Monitor

  • Publish DMARC for every domain: Even domains that don't send email should have a DMARC record.

  • Monitor continuously: Email environments change, so ongoing review helps catch new senders or issues early.

  • Work with your email providers: Make sure your third-party services follow your SPF and DKIM requirements.

Why Is DMARC Important?

After DMARC has been properly implemented, it allows you to:

  • Monitor, detect, and fix real-world problems with your email delivery.
  • See the email volumes you are delivering to inboxes (including which ones).
  • Identify threat emails pretending to come from your domain (i.e., spoofing/phishing).
  • Control the delivery of your email and defend against spoofing attacks.

In addition, DMARC lets you take full control of your email deliverability. To combat spoofing and fraudulent domain activity, as well as improve message delivery, implementing DMARC puts your business in control of getting your campaigns and newsletters to inboxes while protecting recipients from phishing threats.

burritos@banana-pancakes.com braunstrowman@banana-pancakes.com finnbalor@banana-pancakes.com ricflair@banana-pancakes.com randysavage@banana-pancakes.com