This is a basic guide on how to craft a DMARC record for your domain. For more extensive information, reference the dmarc.org site. Below shows the anatomy of a DMARC record in an effort to show what options are available and what to use in crafting a new DMARC record.
We would also like to mention that DMARC records are "all-for-one", in that, they would apply to all emails for the domain. Please use caution when crafting a new record.
DMARC works in conjunction with SPF and DKIM to help ensure legitimate email authenticates in the correct manner. This is done by settings a policy on what do so with emails that do match the DMARC record settings.
A sample DMARC record for a test domain: firstname.lastname@example.org
Raw DMARC TXT record:
_dmarc.domain.tld. 897 IN TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:email@example.com; ruf=mailto:firstname.lastname@example.org"
This record contains the following information:
record name: _dmarc.domain.tld.
Protocal version: (v) - v=DMARC1
Policy: (p) - p=quarantine
Percentage of messages for filtering: (pct) - pct=100
Reporting URI for aggregate reports: (rua) - rua=mailto:email@example.com
Reporting URI for forensic reports: (ruf) - ruf=mailto:firstname.lastname@example.org
In the above example, the DMARC records would cause the receiver to quarantine all email messages that are non aligned with the SPF and/or DKIM record of the domain 100% of the time. And send a report to the two email addresses for analysts.
DMARC has more options that can be used than the above. For a full list, we recommend reviewing the "Anatomy of a DMARC resource record in the DNS" section of the dmarc.org webpage.
The DMARC record needs only be placed on the authoritative DNS servers and is a DNS TXT record.
If your nameservers are on cPanel servers, then you can add the record to the server using the WHM DNS Manager.
Or you can add it as a TXT record on third-party nameservers like Amazon Web Services (AWS).