---
title: "DMARC Setup Stage 1- Preparation | DMARC Report"
description: "DMARC (RFC 7489) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible From header."
image: "https://dmarcreport.com/og/blog/dmarc-setup-stage-1-preparation.png"
canonical: "https://dmarcreport.com/blog/dmarc-setup-stage-1-preparation/"
---
Quick Answer
DMARC (RFC 7489) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible \`From\` header. According to Google's February 2024 bulk sender requirements, a DMARC policy of at least \`p=none\` is now mandatory for any domain sending 5,000+ messages per day to Gmail users. DMARC Report
Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fdmarc-setup-stage-1-preparation%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=DMARC%20Setup%20Stage%201-%20Preparation&url=undefined%2Fblog%2Fdmarc-setup-stage-1-preparation%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fdmarc-setup-stage-1-preparation%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fdmarc-setup-stage-1-preparation%2F&title=DMARC%20Setup%20Stage%201-%20Preparation "Share on Reddit") [ ](mailto:?subject=DMARC%20Setup%20Stage%201-%20Preparation&body=Check out this article: undefined%2Fblog%2Fdmarc-setup-stage-1-preparation%2F "Share via Email")
## Try Our Free DMARC Checker
Validate your DMARC policy, check alignment settings, and verify reporting configuration.
[ Check DMARC Record → ](/tools/dmarc-checker/)
> The most common mistake we see during DMARC setup is jumping straight to p=reject without monitoring first, says Vasile Diaconu, Operations Lead at DuoCircle. Start at p=none, analyze your reports for at least a full quarter - you need to catch monthly, quarterly, and annual email senders that only fire periodically. Then fix any legitimate senders that fail before enforcing. We walk every customer through this sequence.
DMARC ([RFC 7489](https://datatracker.ietf.org/doc/html/rfc7489)) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible `From` header. According to Google’s February 2024 bulk sender requirements, a DMARC policy of at least `p=none` is now mandatory for any domain sending 5,000+ messages per day to Gmail users. DMARC Report
DMARC Setup Stage 1- Preparation
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-12835” readonly/>
```
```
The process of [deploying DMARC](https://dmarcreport.com/blog/why-dmarc-fails-troubleshooting-guide-2026/) is crucial but complicated. To avoid problems related to maintenance, modifications, reporting, and troubleshooting, it’s vital that you **plan and record everything**.
We suggest that before you start creating or modifying [DNS records](https://gcore.com/learning/dns-records-explained/) to analyze **DMARC data**, you take care of two things for a smooth deployment:
- Creating a worksheet is a crucial step in the DMARC setup process. _It allows you to record and organize all the necessary information about your domain, ensuring a **smooth and well-documented deployment**_. This worksheet will serve as a control tool , helping you manage the process effectively and avoid any [potential issues](https://dmarcreport.com/blog/why-dmarc-fails-troubleshooting-guide-2026/).
- Alter the domain to a \*\*basic configuration so that you can begin easily.
## Why Should You Document Every Step of the DMARC Setup Process?
\*\*Documenting every step of the process during the deployment of [DMARC](https://dmarcreport.com/) is crucial for several reasons:
As of 2025, DMARC is mandatory under multiple compliance frameworks. [CISA BOD 18-01](https://www.cisa.gov/news-events/directives/bod-18-01) requires p=reject for US federal domains. [PCI DSS v4.0](https://www.pcisecuritystandards.org/) mandates DMARC for organizations processing payment card data as of March 2025\. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and [Microsoft began rejecting](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) non-compliant email in May 2025\. The UK [NCSC](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing), Australia’s [ASD](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-email), and Canada’s [CCCS](https://www.cyber.gc.ca/en/guidance/implementation-guidance-email-domain-protection) all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.
## 1\. Tracking Progress
_Documentation allows you to track the progress of the deployment, including when each step was completed and any issues encountered along the way_. This helps ensure that the deployment stays on schedule and \*\*provides a clear record of achievements.
## 2\. Troubleshooting
If any issues arise during the deployment process or afterward, having detailed documentation can help [identify the root cause](https://en.wikipedia.org/wiki/Root%5Fcause%5Fanalysis) more quickly. It provides a reference point to backtrack, analyze, and troubleshoot problems effectively.
## 3\. Knowledge Sharing
Documenting the deployment process allows you to share \*\*knowledge and insights with team members or other [stakeholders](https://www.investopedia.com/terms/s/stakeholder.asp) involved in the project. This promotes collaboration, ensures everyone is on the same page, and empowers team members to contribute effectively.
## 4\. Training and Onboarding
Documentation serves as a valuable resource for [training new team members](https://medium.com/@timiogundele/strengthening-your-business-defenses-dmarc-and-staff-training-to-prevent-business-email-compromise-28a534b869af) or \*\*onboarding individuals who may be responsible for managing DMARC in the future. _It provides a comprehensive guide to understanding the deployment process, configuration settings, and best practices_.
## 5\. Compliance and Auditing
\*\*Detailed documentation is often required for compliance purposes and may be subject to audits. By documenting each step of the DMARC deployment, you can demonstrate compliance with relevant regulations and provide evidence of your organization’s efforts to enhance [email security](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/).
## 6\. Continuous Improvement
Documenting the deployment process allows you to evaluate and refine your approach over time. _By reviewing past deployments and analyzing documentation, you can identify areas for improvement, implement lessons learned, and **optimize future deployments**_.
## How Do You Create a Worksheet for a Hassle-Free and Documented DMARC Setup Process?
Strategize a way to organize the whole process of documenting the DMARC deployment process. Also, keep it simple, as fancy things get complicated and time-consuming. We suggest you go for a standard Google Spreadsheet or Microsoft Excel . Also, consider using [Google Calendar](https://dmarcreport.com/blog/fixing-google-calendar-invites-that-fail-dmarc-checks/) to add reminders and plan a **date-wise progress**. If you are going for a spreadsheet, record the following details-
- The domain name.
- **List of sender hosts**, name, IP, [DKIM](https://dmarcreport.com/what-is-dkim/) selectors.
- The starting and conclusion dates for each phase of the deployment.
- Additional remarks that seem important.
## Baseline Configuration
Reset the domain to a baseline configuration so that if [SPF](https://dmarcreport.com/what-is-spf/), DKIM, or DMARC DNS records are missing, they can be set up to collect DMARC reports without hindering the **existing email delivery process**.
Then, alter the TTL values for SPF, DKIM, and [DMARC records](https://dmarcreport.com/dmarc-record/) to smaller values. This will help propagate the changes across the DNS quickly, which is important during DMARC deployment. Set the TTL to 10 minutes or 600 seconds to prevent \*\*overburdening DNS server resources with frequent queries. _Don’t revert TTL to any longer values throughout the DMARC deployment process_.
Set up a softfail [SPF record](https://dmarcreport.com/tools/spf-record-generator/) so that genuine messages don’t get rejected outright in the case of [false positives](https://www.stormshield.com/news/the-issue-of-false-positives-in-cybersecurity/).
To imply softfail, use the \*\*\~all mechanism in your SPF record. Once done, configure DKIM on your **email providers and servers**. Don’t forget to put the [DKIM record](https://dmarcreport.com/blog/dkim-examples-a-comprehensive-guide-to-email-configuration/) to the test mode using the \*\*t=y tag.
Lastly, the [DMARC policy](https://dmarcreport.com/dmarc-policy/) should be changed to none, as the first stage is **only for monitoring**.
## Why Should You Start with p=none in DMARC?
Setting the policy to “none” is often considered the best starting point for [implementing DMARC](https://dmarcreport.com/blog/9-reasons-why-companies-resist-implementing-dmarc/) because it allows you to \*\*monitor and gather data about your domain’s [email traffic](https://emailanalytics.com/email-traffic/) without impacting email delivery.
With the “none” policy, receiving mail servers continue to deliver emails as usual, regardless of whether they pass or fail DMARC authentication . This enables you to analyze [DMARC reports](https://dmarcreport.com/blog/how-to-read-dmarc-reports-guide-2026/) to understand which sources are sending emails on your behalf and identify any \*\*unauthorized senders or issues with authentication.
_By starting with a “none” policy, you can refine your **DMARC configurations**, gradually enforcing stricter policies (such as “quarantine” or “reject”) as you gain confidence in your email authentication setup and ensure \*\*legitimate emails are properly authenticated._ This incremental approach minimizes the risk of disrupting legitimate email delivery while strengthening security measures against spoofing and [phishing attacks](https://www.scmagazine.com/podcast-segment/12558-zscaler-annual-phishing-report-finds-a-near-60-increase-of-phishing-attacks-in-2023-deepen-desai-rsa24-2).
## Sources
- [CISA Binding Operational Directive 18-01](https://www.cisa.gov/news-events/directives/bod-18-01)
- [Microsoft Outlook DMARC Enforcement May 2025](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) (2025)
- [PCI DSS v4.0 - DMARC Requirement](https://www.pcisecuritystandards.org/) (2025)
- [RFC 7489 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)](https://datatracker.ietf.org/doc/html/rfc7489)
## Topics
[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ dmarc record ](/tags/dmarc-record/)[ dns record ](/tags/dns-record/)[ email security ](/tags/email-security/)[ SPF ](/tags/spf/)
[ Vishal Lamba ](/authors/vishal-lamba/)
Content Specialist
Content Specialist at DMARC Report. Writes vendor-specific email authentication guides and troubleshooting walkthroughs.
[LinkedIn Profile →](https://www.linkedin.com/in/vishal-lamba/)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 14m Add TXT Record on Namecheap (SPF, DKIM & DMARC) - 2026 Mar 5, 2025 ](/blog/add-txt-record-on-namecheap-a-complete-dns-guide/)[ Foundational 12m Adding SPF Records To Your Domain For Outlook Email Authentication Sep 25, 2025 ](/blog/adding-spf-records-to-your-domain-for-outlook-email-authentication/)[ Foundational 9m Answering Your Webinar Questions: Email Security - From The Desk Of DMARCReport Dec 2, 2025 ](/blog/answering-webinar-questions-email-security-dmarcreport-desk-insights-guide/)[ Foundational 10m Best Tools For Generating DMARC Records For Small Businesses With Minimal It Staff? Nov 28, 2025 ](/blog/best-tools-for-generating-dmarc-records-for-small-businesses-without-it-staff/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"DMARC Setup Stage 1- Preparation","description":"DMARC (RFC 7489) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible From header.","url":"https://dmarcreport.com/blog/dmarc-setup-stage-1-preparation/","datePublished":"2024-05-08T12:05:51.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2024-05-08T12:05:51.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vishal-lamba/#person","name":"Vishal Lamba","url":"https://dmarcreport.com/authors/vishal-lamba/","jobTitle":"Content Specialist","description":"Vishal Lamba writes DMARC Report's how-to guides and vendor-specific configuration walkthroughs. His work focuses on step-by-step implementation guides for major email platforms (Google Workspace, Microsoft 365, SendGrid, Mimecast, Proofpoint, Brevo, and others), troubleshooting common SPF and DMARC errors, and translating RFC-level specifications into practical deployment procedures for IT administrators.","image":"https://media.mailhop.org/dmarcreport/images/team/vishal-lamba.jpg","knowsAbout":["SPF Vendor Configuration","Email Platform Integrations","SPF Troubleshooting","Technical Documentation","Step-by-Step Guides"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vishal-lamba/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/dmarc-setup-stage-1-preparation/"},"articleSection":"foundational","keywords":"dkim, DMARC, dmarc record, dns record, email security, SPF","wordCount":1182,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"DMARC Setup Stage 1- Preparation","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"DMARC Setup Stage 1- Preparation","item":"https://dmarcreport.com/blog/dmarc-setup-stage-1-preparation/"}]}
```