DMARC (Domain-based Message Authentication, Reporting & Conformance) is a TXT record published in a _dmarc subdomain on your DNS server. Once DKIM and SPF are implemented, it advises the destination mail server what to do with mails that do not comply with the rules you defined in those two mechanisms.
So once again, first you have to have the SPF and DKIM mechanisms in place, described respectively on these pages. Then you should create a _dmarc subdomain on your DNS server, containing a TXT record with the following data:
"v=DMARC1; p=none; rua=mailto:email@example.com; ruf=mailto:firstname.lastname@example.org"
Basically, this tells the destination mail servers to check all your mails and (for now) do nothing (p=none) with them, but to send you a daily report about SPF and DKIM compliance to the address email@example.com (change this according to your needs).
You should analyse these reports thoroughly to confirm that your DKIM and SPF mechanisms are actually doing what they are supposed to do before setting any advisory policy to quarantine or reject the invalid emails.
Here is a brief description of the DMARC policy parameters:
| Tag | Required | Purpose | Example |
|------|----------|---------|---------|
| v | required | Protocol version | v=DMARC1 |
| p | required | Advised policy for domain | p=none |
| pct | optional | % of messages subjected to filtering | pct=20 |
| rua | optional | Reporting URI of aggregate reports | rua=mailto:firstname.lastname@example.org |
| sp | optional | Policy for subdomains of the domain | sp=r |
| aspf | optional | Alignment mode for SPF | aspf=r |
The parameters that you will be changing later are the policy (p) and the percentage of mail affected (pct). The valid values for the policy are:
none - Take no action, just log affected mails on the daily report only.
quarantine - Mark affected mails as spam if supported by the destination mail server.
reject - Reject the mail.
The percentage of messages affected (pct) can go from 1 to 100%. Naturally the default value is 100%. It tells the destination server to apply the advised policy (p) only to the given percentage of the mails when p=quarantine or p=reject, for experimental purposes. Naturally, it is 100% while p=none, because we want to monitor all the mails.
So in the end, when you are quite sure that your mails won't end up rejected or in the spam folder, you can change the DNS record above to
"v=DMARC1; p=quarantine; rua=mailto:email@example.com"
This will possibly quarantine all invalid mails that seem to come from your mail servers (but do NOT!)
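Before publishing either record, it helps to lint the TXT value. The following Python sketch is an added example, not part of the original article: it checks the rules described above (v=DMARC1 first, a valid p, a pct no higher than 100, a rua address for reports). The function names and the two "constructed" sample records are assumptions made for illustration.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

# The two records shown in this article, plus two constructed test records.
MONITOR = '"v=DMARC1; p=none; rua=mailto:email@example.com; ruf=mailto:firstname.lastname@example.org"'
ENFORCE = '"v=DMARC1; p=quarantine; rua=mailto:email@example.com"'
PARTIAL = "v=DMARC1; p=quarantine; pct=20"   # constructed: staged rollout, no rua
BROKEN = "p=reject; v=DMARC1; pct=150"       # constructed: wrong order, bad pct

def parse_dmarc(txt):
    """Split a DMARC TXT value into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in txt.strip().strip('"').split(";"):
        if part.strip():
            tag, _, value = part.partition("=")
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def lint_dmarc(txt):
    """Return a list of findings (error/warning/info strings) for one record."""
    pairs = parse_dmarc(txt)
    tags = dict(pairs)
    findings = []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        findings.append("error: record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        findings.append("error: p must be none, quarantine or reject")
    pct_raw = tags.get("pct", "100")          # pct defaults to 100
    pct = int(pct_raw) if pct_raw.isdigit() and int(pct_raw) <= 100 else None
    if pct is None:
        findings.append("error: pct must be a whole number up to 100")
    if not tags.get("rua", "").startswith("mailto:"):
        findings.append("warning: no rua mailto: address, no aggregate reports will arrive")
    if policy in ("quarantine", "reject") and pct is not None and pct < 100:
        findings.append(f"info: p={policy} is applied to only {pct}% of failing mail")
    if policy == "none":
        findings.append("info: monitoring only, failing mail is not quarantined or rejected")
    return findings

if __name__ == "__main__":
    for record in (MONITOR, ENFORCE, PARTIAL, BROKEN):
        print(record, "->", lint_dmarc(record) or "no findings")
```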
For more information, visit www.dmarc.org