If implementing SPF, DKIM, and DMARC is on your list, then you also probably know that enforcement is the goal — and the first step towards creating a powerful anti-phishing system for your organization’s domains. DMARC at enforcement will help you:
- Stop exact-domain impersonation
- Identify and control shadow IT
- Protect your brand
But to implement email authentication with DMARC correctly, you need to follow a few critical steps:
- First, start to gain visibility by configuring a p=none (monitoring mode) DMARC record.
- Next, for each service that is sending email as you, work with internal stakeholders to identify owners.
- Configure SPF and DKIM for each service you want to authorize.
- Publicize your program internally to ensure that stakeholders know what’s going on, and can let you know if there are any remaining issues with delivery of critical email messages.
- Move to enforcement with a p=quarantine or p=reject policy in DMARC.
- Continue monitoring DMARC reports for any new services or changes in status for existing services, and adjust SPF and DKIM as needed to ensure that your configurations are current.
In this infographic, we cover the high-level view of a DMARC project and the six steps you need to take in order to achieve enforcement.