How to Reach a DMARC Reject Policy

June 17, 2022  |  3 min read

In this article, we provide you with step-by-step guidance on how to enforce the DMARC policy and discuss whether it is always desirable to enforce the DMARC policy to reject. Keep in mind that it may be helpful to learn more about DMARC policies and how they work before getting started. For more information on DMARC, SPF, and DKIM click on those links.

What are DMARC policies and how it impacts deliverability

DMARC Policies are 3: none, quarantine, reject. For more information please check our article What is a DMARC Policy

Before considering p=reject, you have to have some insight into your emails. The ‘none’ policy provides insight into the email channel and allows organizations to start working on correctly authenticating the sources that send out emails on their behalf. The “none” policy, will just monitor the emails sent from your domain and send you reports. This way, you can figure out which sources are authentic and which might not be, without affecting deliverability.

Steps to Reach a DMARC Reject Policy

1. Begin monitoring your domain with DMARC.

Create a DMARC record for your domain. This allows you to receive DMARC reports without impacting your mail flow. Skysnag provides users with free DMARC reports.

NOTE: This step is only for domains that are not using DMARC. If your domain already has a DMARC record, skip to Step 2.

If you bought your domain through GoDaddy or Cloudflare, Skysnag offers an instant setup. This means you don’t have to touch your DNS settings; Skysnag will automatically do it for you. After logging in to Skysnag, add your domain and follow the instant setup steps.

2. Set your DMARC policy to p=none

The next step is to set your DMARC policy to p=none. This allows you to receive DMARC reports without impacting your mail flow. The ‘none’ policy provides insight into the email channel and allows organizations to start working on correctly authenticating the sources that send out emails on their behalf. The ‘none’ policy, will just monitor the emails sent from your domain and send you reports. This way, you can figure out which sources are authentic and which might not be, without affecting deliverability. 

3. Collect DMARC reports

The next step is to collect DMARC reports. These reports will provide the information needed to configure your SPF and DKIM. Skysnag provides users with free DMARC reports. 

4. Configuring SPF and DKIM

Skysnag automatically configures SPF and DKIM for you saving you the trouble and time required for manual configuration

5. Set your DMARC policy to p=quarantine

We advise enforcing the policy in small steps using the percentage tag (pct) in the DMARC record. For example, begin with a 15% quarantine policy, then increase to a 50% quarantine policy, then move to a 15% reject policy, and finally enforce the DMARC policy to full reject. Taking small steps allows an organization to enforce the DMARC policy while the risk of impacting the delivery of valid emails is minimized.

To set your DMARC policy to p=quarantine, log in to Skysnag and edit your DMARC policy. In the Policy section, select Quarantine from the dropdown menu. Once you have made this change, click Save.

  1. Continue Monitoring your DMARC reports: this will help you determine whether your SPF and DKIM records are correctly configured. It will also show you which messages are being sent to spam. To view your DMARC reports, log in to Skysnag and click on the Reports tab.
  2. Set DMARC to p=reject Once you have configured SPF and DKIM for your domain, the Skysnag Automated system will turn on the reject policy, making sure that all authenticated emails are delivered to the customers’ inboxes and the ones failing being blocked.

Conclusion

Congratulations on implementing a Reject policy! Skysnag’s automated DMARC solution strengthens protection against phishing and spoofing by confirming that an email message came from the domain it claims to have come from. Get started with Skysnag by signing up using this link for a free trial and maintain a healthy domain.