This is a basic guide on how to craft a DMARC record for your domain. For more extensive information, refer to the dmarc.org site. The anatomy of a DMARC record is shown below to illustrate which options are available and what to use when crafting a new DMARC record.
DMARC records are also "all-for-one": they apply to all email for the domain. Please use caution when crafting a new record.
DMARC works in conjunction with SPF and DKIM to help ensure legitimate email authenticates in the correct manner. This is done by setting a policy on what to do with emails that do not match the DMARC record settings.
A sample DMARC record for a test domain: email@example.com
Raw DMARC TXT record:
_dmarc.domain.tld. 897 IN TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:firstname.lastname@example.org; ruf=mailto:email@example.com"
This record contains the following information:
Record name: _dmarc.domain.tld.
Protocol version: (v) - v=DMARC1
Policy: (p) - p=quarantine
Percentage of messages for filtering: (pct) - pct=100
Reporting URI for aggregate reports: (rua) - rua=mailto:firstname.lastname@example.org
Reporting URI for forensic reports: (ruf) - ruf=mailto:email@example.com
In the above example, the DMARC record would cause the receiver to quarantine all email messages that are non-aligned with the SPF and/or DKIM record of the domain 100% of the time, and to send reports to the two email addresses for analysis.
DMARC supports more options than those shown above. For a full list, we recommend reviewing the "Anatomy of a DMARC resource record in the DNS" section of the dmarc.org webpage.
Searching for the domain from this third-party site will show any current settings, as well as more detailed information regarding the DMARC options.
The DMARC record is a DNS TXT record and only needs to be placed on the authoritative DNS servers.
If your nameservers are on cPanel servers, then you can add the record to the server using the WHM DNS Manager.
Or you can add it as a TXT record on third-party nameservers like Amazon Web Services (AWS).