If you're at a large organization looking to deploy DMARC, view the video on dmarcian's deployment process. It's worth your time!
Here's a checklist you can use to get DMARC into place:
- Create a list of your domains.
- Publish DMARC records to collect data for each of your domains.
- Wait for data to roll in. DMARC report generators operate on a 24 hour cycle, and so you might as well check back in a day or two, or make yourself a really huge pot of coffee.
- Look at your DMARC reports to figure out what you need to do next.
- Depending on who is sending your legitimate email, bring your sources of email into compliance with DMARC.
- Capabilities of sources range from "easy" to "some setup required" to "difficult".
- dmarcian tracks the capabilities of email sources to allow dmarcian users to quickly zero in on changes that need to happen.
- DMARC uses SPF and DKIM to make email easy to identify. (A short video about SPF, and one for DKIM.)
- As each domain becomes compliant with DMARC to your satisfaction, you can put in place controls to disallow unauthorized use of your domain.
- You're done. Continue to monitor for DMARC compliance. When you get a new domain, just put it through these steps to maintain 100% DMARC compliance.
DMARC brings some very nice benefits to email; we even made a short video about it.