Change default DMARC policy from "quarantine" to "reject"


#1

Read for example this: https://dmarcian.com/policy-modes-quarantine-vs-reject/

With quarantine, spam emails claiming to come from your domain will be delivered to the spam folder, so people will think that your domain is sending spam.

All the biggest sites use reject, just an example:

_dmarc.google.com. 300 IN TXT “v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com

So I recommend changing the DMARC policy to reject for both the self-hosted DNS and the “External DNS” page


#2

You can override DNS settings by simply adding them in the Custom DNS page.

Make a new TXT DNS Record where the subdomain is _dmarc and the domain is your domain. then fill in the rest. :slight_smile:


#3

It’s best to start with either a p=quarantine or p=none as a start policy and use an rua section to enable aggregate reports BEFORE going to p=reject.

This will give you visibility of any potential issues before taking the final step of going to a reject policy.

Tim