DMARC Setup Stage 1- Preparation
Quick Answer
DMARC (RFC 7489) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible `From` header. According to Google's February 2024 bulk sender requirements, a DMARC policy of at least `p=none` is now mandatory for any domain sending 5,000+ messages per day to Gmail users. DMARC Report
Related: Free DMARC Checker ·How to Create an SPF Record ·SPF Record Format
Try Our Free DMARC Checker
Validate your DMARC policy, check alignment settings, and verify reporting configuration.
Check DMARC Record →
The most common mistake we see during DMARC setup is jumping straight to p=reject without monitoring first, says Vasile Diaconu, Operations Lead at DuoCircle. Start at p=none, analyze your reports for at least a full quarter - you need to catch monthly, quarterly, and annual email senders that only fire periodically. Then fix any legitimate senders that fail before enforcing. We walk every customer through this sequence.
DMARC (RFC 7489) ties SPF and DKIM together by requiring alignment between the envelope sender and the visible From header. According to Google’s February 2024 bulk sender requirements, a DMARC policy of at least p=none is now mandatory for any domain sending 5,000+ messages per day to Gmail users.
DMARC Report
DMARC Setup Stage 1- Preparation
<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
Play Episode
</button>
<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
Pause Episode
</button>
<audio preload="none" class="clip clip-12835">
<source src="https://media.mailhop.org/dmarcreport/images/2024/05/DMARC-Setup-Stage-1-Preparation.mp3">
</audio>
<button class="player-btn player-btn__volume" title="Mute/Unmute">
Mute/Unmute Episode
</button>
<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
Rewind 10 Seconds
</button>
<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
Fast Forward 30 seconds
</button>
<time class="ssp-timer">00:00</time>
/
<!-- We need actual duration here from the server -->
<time class="ssp-duration" datetime="PT0H1M36S">1:36</time>
<nav class="player-panels-nav">
<button class="subscribe-btn" id="subscribe-btn-12835" title="Subscribe">Subscribe</button>
<button class="share-btn" id="share-btn-12835" title="Share">Share</button>
</nav>
RSS Feed
<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-12835" title="RSS Feed URL" readonly />
<button class="copy-rss copy-rss-12835" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
Share
<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/dmarc-setup-stage-1-preparation/&t=DMARC Setup Stage 1- Preparation" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
</a>
<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/dmarc-setup-stage-1-preparation/&url=DMARC Setup Stage 1- Preparation" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
</a>
<a href="https://media.mailhop.org/dmarcreport/images/2024/05/DMARC-Setup-Stage-1-Preparation.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
</a>
Link
<input value="https://dmarcreport.com/blog/podcast/dmarc-setup-stage-1-preparation/" class="input-link input-link-12835" title="Episode URL" readonly />
<button class="copy-link copy-link-12835" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
Embed
/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-12835” readonly/>
<button class="copy-embed copy-embed-12835" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
The process of deploying DMARC is crucial but complicated. To avoid problems related to maintenance, modifications, reporting, and troubleshooting, it’s vital that you plan and record everything.
We suggest that before you start creating or modifying DNS records to analyze DMARC data, you take care of two things for a smooth deployment:
-
Creating a worksheet is a crucial step in the DMARC setup process. It allows you to record and organize all the necessary information about your domain, ensuring a smooth and well-documented deployment. This worksheet will serve as a control tool , helping you manage the process effectively and avoid any potential issues.
-
Alter the domain to a **basic configuration so that you can begin easily.
Why Should You Document Every Step of the DMARC Setup Process?
**Documenting every step of the process during the deployment of DMARC is crucial for several reasons:
As of 2025, DMARC is mandatory under multiple compliance frameworks. CISA BOD 18-01 requires p=reject for US federal domains. PCI DSS v4.0 mandates DMARC for organizations processing payment card data as of March 2025. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and Microsoft began rejecting non-compliant email in May 2025. The UK NCSC, Australia’s ASD, and Canada’s CCCS all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.
1. Tracking Progress
Documentation allows you to track the progress of the deployment, including when each step was completed and any issues encountered along the way. This helps ensure that the deployment stays on schedule and **provides a clear record of achievements.
2. Troubleshooting
If any issues arise during the deployment process or afterward, having detailed documentation can help identify the root cause more quickly. It provides a reference point to backtrack, analyze, and troubleshoot problems effectively.
3. Knowledge Sharing
Documenting the deployment process allows you to share **knowledge and insights with team members or other stakeholders involved in the project. This promotes collaboration, ensures everyone is on the same page, and empowers team members to contribute effectively.
4. Training and Onboarding
Documentation serves as a valuable resource for training new team members or **onboarding individuals who may be responsible for managing DMARC in the future. It provides a comprehensive guide to understanding the deployment process, configuration settings, and best practices.
5. Compliance and Auditing
**Detailed documentation is often required for compliance purposes and may be subject to audits. By documenting each step of the DMARC deployment, you can demonstrate compliance with relevant regulations and provide evidence of your organization’s efforts to enhance email security.
6. Continuous Improvement
Documenting the deployment process allows you to evaluate and refine your approach over time. By reviewing past deployments and analyzing documentation, you can identify areas for improvement, implement lessons learned, and optimize future deployments.
How Do You Create a Worksheet for a Hassle-Free and Documented DMARC Setup Process?
Strategize a way to organize the whole process of documenting the DMARC deployment process. Also, keep it simple, as fancy things get complicated and time-consuming. We suggest you go for a standard Google Spreadsheet or Microsoft Excel . Also, consider using Google Calendar to add reminders and plan a date-wise progress. If you are going for a spreadsheet, record the following details-
-
The domain name.
-
List of sender hosts– name, IP, DKIM selectors.
-
The starting and conclusion dates for each phase of the deployment.
-
Additional remarks that seem important.
Baseline Configuration
Reset the domain to a baseline configuration so that if SPF, DKIM, or DMARC DNS records are missing, they can be set up to collect DMARC reports without hindering the existing email delivery process.
Then, alter the TTL values for SPF, DKIM, and DMARC records to smaller values. This will help propagate the changes across the DNS quickly, which is important during DMARC deployment. Set the TTL to 10 minutes or 600 seconds to prevent **overburdening DNS server resources with frequent queries. Don’t revert TTL to any longer values throughout the DMARC deployment process.
Set up a softfail SPF record so that genuine messages don’t get rejected outright in the case of false positives.
To imply softfail, use the **~all mechanism in your SPF record. Once done, configure DKIM on your email providers and servers. Don’t forget to put the DKIM record to the test mode using the **t=y tag.
Lastly, the DMARC policy should be changed to none, as the first stage is only for monitoring.
Why Should You Start with p=none in DMARC?
Setting the policy to “none” is often considered the best starting point for implementing DMARC because it allows you to **monitor and gather data about your domain’s email traffic without impacting email delivery.
With the “none” policy, receiving mail servers continue to deliver emails as usual, regardless of whether they pass or fail DMARC authentication . This enables you to analyze DMARC reports to understand which sources are sending emails on your behalf and identify any **unauthorized senders or issues with authentication.
By starting with a “none” policy, you can refine your DMARC configurations, gradually enforcing stricter policies (such as “quarantine” or “reject”) as you gain confidence in your email authentication setup and ensure **legitimate emails are properly authenticated. This incremental approach minimizes the risk of disrupting legitimate email delivery while strengthening security measures against spoofing and phishing attacks.
Sources
Topics
Content Specialist
Content Specialist at DMARC Report. Writes vendor-specific email authentication guides and troubleshooting walkthroughs.
LinkedIn Profile →Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.