Topics Map > Campus Services > Office 365

Microsoft 365 - Publishing a Custom DMARC Record for Your Email Domain in DNS

Audience: Domain Administrators and Departmental/Organizational IT Support Staff

This article provides instructions for publishing custom DMARC records in DNS for UW-Madison email domains. Information about the protection of UW-Madison email with DMARC can be found here: Email Authenticity

Note: This article assumes fundamental knowledge of DNS records and DMARC. If you would like to learn more about DMARC and DNS records, please see the following resources:

Preparing to publish your custom DMARC record

Before you publish a custom DMARC record for your email domain, you'll want to make sure your domain's SPF record in DNS includes all of the senders you approve to send email as/from your domain and that it ends with "~all" or "-all".

  1. Use the DMARC Info tool in the Wisc Account Admin Site to view IP addresses sending as/from your domain over the past several days and stage potential changes to your domain's SPF record.

  2. Reach out to any and all third-party email vendors your organization contracts with and request that they work with you to set up custom domain authentication via SPF and DKIM for your subdomain (e.g. mydomain.wisc.edu). Steps for how to do this with some of campus's commonly used third-party email vendors are below:

Publishing your custom DMARC record

Once your domain's SPF record in DNS has been updated to include only senders you approve to send as/from your domain, and you've taken steps to set up custom domain authentication via DKIM for any/all third-party email vendors that send as/from your domain, you may take the next steps to publish a custom DMARC record for your email domain in DNS however you normally publish DNS records or request their publication.


DMARC record publication location

Publish a TXT record in DNS at the following location, replacing yourdomain.wisc.edu with the domain for which you'd like the record published:

_dmarc.yourdomain.wisc.edu

Different options for publishing your custom DMARC record

  • Effective Quarantine Record
  • Use the following value when publishing the DMARC record so that it instructs recipient mail systems to quarantine messages that fail your DMARC policy and provide failure reports to UW-Madion's mail system administrators:

    "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@wisc.edu; ruf=mailto:dmarc-forensics@wisc.edu; fo=1; sp=none;"

    Note: to change the percentage of quarantined failed messages, change the value in the "pct=" tag in the record to any value between 0 and 100.

  • Reject Record
  • Use the following value when publishing your DMARC record so that it instructs recipient mail systems to reject messages that fail your DMARC policy and provide failure reports to UW-Madison's mail system administrators:

    "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@wisc.edu; ruf=mailto:dmarc-forensics@wisc.edu; fo=1; sp=none;"

    Note: to change the percentage of rejected failed messages, change the value in the "pct=" tag in the record to any value between 0 and 100.

See Also:




Keywords:domain based message authentication reporting conformance name system naming TXT SPF DKIM CNAME restrictive report forensic aggregate quarantine reject uw madison list server email header reply-to google groups administrators smtp IP addresses caution external "[CAUTION: External]" tagging subject mailman mail-man forwarders   Doc ID:86177
Owner:O365 S.Group:Microsoft 365
Created:2018-10-01 16:10 CDTUpdated:2023-02-02 09:01 CDT
Sites:DoIT Help Desk, DoIT Tech Store, Microsoft 365
Feedback:  0   0