Create your own DMARC record
In this step we are going to define the rule sets of your DMARC record. The DMARC record tells ISP's who adopted DMARC how they should handle your emails and optionally where to send the DMARC reports.
Select the policy level of your DMARC project
A DMARC Policy tells email receivers like Microsoft (Hotmail, Live, Outlook etc), Gmail, Yahoo! and other Internet Service Providers who adopted DMARC how to handle email that fails the DMARC check. In other words: a DMARC policy influences the way email is handled. There are three DMARC policies which you can add to your DMARC record. Depending on the DMARC policy, emails that fail the DMARC check will be handled differently. There are three policies to choose from: p=none, p=quarantine or p=reject. We recommended to start off with the monitor policy (p=none).
Select your DMARC policy
With the DMARC policy none, Internet Service Providers who've DMARC will not do anything with email that fails the DMARC check. The email just goes into the inbox / folder of the receiver. This DMARC policy can be used to simply start analyzing who is sending emails on behalf of a domain.
With the DMARC policy quarantine, Internet Service Providers who've DMARC will put emails failing the DMARC check in special ‘quarantine' folders like the junk or spam folder. This DMARC policy influences the way email is handled, however failing emails will still arrive.
With the DMARC reject policy, Internet Service Providers who've DMARC will reject all emails that fail the DMARC check. All these email will bounce and will not end up in any folder of the receiver. This DMARC policy makes sure emails failing the DMARC check will not arrive. Be aware that everything should be in place otherwise legitimate email might be blocked.
Would you like to use a different policy for your subdomains?
Select a policy level for subdomains
Next to the DMARC policy you've just selected for the main domain, you can choose a DMARC policy for your sub-domains. When you use sub-domains you will have to select a DMARC policy that will be applied on email that is send from sub-domains. This policy will be applied on email from the sub-domain(s) of your main domain. When an email of the sub-domain fails the DMARC check, this policy will be applied.
Since alignment is a key part of the DMARC implementation (without alignment you can't enforce your policy), it is possible to choose how alignment should be handled for DKIM signatures and your SPF setup. The chosen alignment mode influences when alignment is achieved. You can choose to let the alignment mode to be 'r' (Relaxed) or 's' (Strict).
DKIM alignment mode
For DKIM this means that the domain used to create the signature (and provided through the d= parameter), should match the ‘From' header. In Relaxed mode authenticated DKIM signing domains (d=) that share an organizational domain with an emails ‘From' domain will pass the DMARC check. In strict mode an exact match is required in order to achieve alignment.
SPF alignment mode
For SPF this means that the ‘Return-Path' header should match the ‘From' header. In Relaxed mode authenticated SPF domains that share an organizational domain with an emails ‘From' domain will pass the DMARC check. In strict mode an exact match is required in order to achieve alignment.
Determine the policy percentage
The percentage tag instructs ISPs to only apply the DMARC policy to a percentage of failing emails. 'pct=50' will instruct receivers to only apply the policy for 50% of the emails that fail the DMARC check. NOTE: this will not work for the 'none' policy, but only for the 'quarantine' or 'reject' policies.
% of the messages will be filtered. The policy percentage can be a number form 1 to 100. Default is 100 which is all messages.