- Identify your domains
The first step is identifying all domains that are owned by your organization. The DMARC framework can be deployed on all your domains, even if they are dormant and not used for anything. Those domains still belong to you and can be impersonated by an attacker infringing upon your brand.
- Enable DMARC monitoring for all
The optimal way is to configure the DMARC record for all your domains with the none policy as this will have no impact on your email flow. This will enable you to analyze DMARC aggregate reports and identify all your email sending sources. This also helps to realize the services that various departments of your organization have subscribed to. For example, the HR team might be using a recruitment platform that is sending job emails which contain your organizational domain as the from email domain (e.g. email@example.com), or the marketing team using a bulk email service to send out promotional emails which also have your domain in the from email domain (e.g. firstname.lastname@example.org). In the midst of this. you may also realize that a domain you thought to be dormant is actually being used for email communications.
Following is the DMARC record you may use to view your reports on our platform:
- Reject mode for dormant domains and active domains analysis
Upon analysing your DMARC aggregate reports, You would have identified your domains that are not being used to send emails. You can directly move to the DMARC reject policy along with an SPF record with NO IPs authorized to send emails. This will protect your dormant domains from being impersonated by anyone.
You will notice an added email address on the DMARC record above. That is for receiving forensic reports when the dormant domain is impersonated. These reports will include the content of the email and the header to analyze it further and take action if necessary.
As for your active domains, constant analysis and identification of your legitimate email sources is required at this point. This will enable you to authorize all your legitimate email outgoing sources effectively blocking impersonated emails when you eventually move to DMARC reject policy on the active domains.