Question
I followed the instructions in the article Publish DMARC record to set up and publish my DMARC record. However, I'd like to know how to strengthen my DMARC security policy from the current "p=none" state.
Can you give me some guidance on how to proceed?
Answer
Regarding the DMARC record, if it is registered with "p=none" (do nothing), DMARC-compliant email receiving servers will perform DMARC verification, but generally the verification results will not affect mail reception.
Therefore, there is little possibility that DMARC authentication results cause rejecting email receiving, but it does not contribute much to enhancing email security.
In order to enhance email security, please consider gradually moving forward "p=none" to the following parameters:
・"p=quarantine"
・"p=reject"
When changing the "p" tag in the DMARC record as described above, we recommend that you first set the "rua" tag to an email address to receive DMARC reports. Then, refer to the reports sent from DMARC-compliant email receiving servers such as Microsoft and Google, and carefully examine the status of email authentication (SPF/DKIM) for emails sent from your company.
Also, by using the "pct" tag, you can adjust the percentage (%) at which the DMARC policy is applied to sent emails within the range of "1 ~ 100." When changing the value of the "p" tag to a more restrictive one, we recommend that you first use the "pct" tag to apply the DMARC policy to a small amount of email, and if there are no problems such as rejection of email reception, gradually increase the percentage of email to which the policy is applied.
*Please note that if you raise the DMARC policy without completing email authentication (SPF/DKIM), email reception will be rejected.
Finally, please note that analysis of DMARC reports, etc., is outside the scope of HENNGE One services support. Therefore, kindly understand HENNGE One support desk will not be able to respond to related inquiries.