Need Help Setting Up DMARC for My Domain

Hi everyone,

I’m new to DMARC and could use some guidance. I’ve set up SPF and DKIM for my domain, and now I’m trying to implement DMARC to improve email deliverability and security.

Here’s what I’ve done so far:

1. Created a DMARC record with p=none to monitor emails.
2. Added the policy to my DNS:

v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com; ruf=mailto:dmarc-failures@example.com  

3. Confirmed that SPF and DKIM are passing for most emails.

However, I’m still seeing some unauthorized sources in the reports. Can anyone recommend:

• How to identify and block these sources?
• When and how to transition to p=quarantine or p=reject safely?
• Tools or tips to analyze reports efficiently?

Any advice or resources would be much appreciated!

Thanks in advance!

You cannot. The whole point of publishing a DMARC policy is to let the receiving MTA know how to treat these forgeries. Your current policy instructs recipient servers to deliver them to the inbox. A quarantine or reject policy requests that they be handled via the corresponding action.

Once your reports indicate that your policy covers all legitimate sources of email.

Change the none to quarantine and publish the updated DNS record.

Use a service like dmarcian so that you aren’t trying to read piles of XML reports. Don’t waste time with Forensic reports. I wouldn’t even include an ruf URI in your DMARC policy.