Topics Map > Campus Services > Office 365

Microsoft 365 - Publishing a Custom DMARC Record for Your Email Domain in DNS

Audience: Domain Administrators and Departmental/Organizational IT Support Staff

This article provides instructions for publishing custom DMARC records in DNS for UW-Madison email domains. Information about the protection of UW-Madison email with DMARC can be found here: Email Authenticity

Note: This article assumes fundamental knowledge of DNS records and DMARC. If you would like to learn more about DMARC and DNS records, please see the following resources:

Preparing to publish your custom DMARC record

Before you publish a custom DMARC record for your email domain, you'll want to make sure your domain's SPF record in DNS includes all of the senders you approve to send email as/from your domain and that it ends with "~all" or "-all".

Publishing your custom DMARC record

Once your domain's SPF record in DNS has been updated to include only senders you approve to send as/from your domain, and you've taken steps to set up custom domain authentication via DKIM for any/all third-party email vendors that send as/from your domain, you may take the next steps to publish a custom DMARC record for your email domain in DNS however you normally publish DNS records or request their publication.

DMARC record publication location

Publish a TXT record in DNS at the following location, replacing yourdomain.wisc.edu with the domain for which you'd like the record published:

_dmarc.yourdomain.wisc.edu

Different options for publishing your custom DMARC record

  • Effective Quarantine Record
  • Use the following value when publishing the DMARC record so that it instructs recipient mail systems to quarantine messages that fail your DMARC policy and provide failure reports to UW-Madion's mail system administrators:

    "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@wisc.edu; ruf=mailto:dmarc-forensics@wisc.edu; fo=1; sp=none;"

    Note: to change the percentage of quarantined failed messages, change the value in the "pct=" tag in the record to any value between 0 and 100.

  • Reject Record
  • Use the following value when publishing your DMARC record so that it instructs recipient mail systems to reject messages that fail your DMARC policy and provide failure reports to UW-Madison's mail system administrators:

    "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@wisc.edu; ruf=mailto:dmarc-forensics@wisc.edu; fo=1; sp=none;"

    Note: to change the percentage of rejected failed messages, change the value in the "pct=" tag in the record to any value between 0 and 100.