To setup DMARC for your Google Workspace emails, it's actually simple!
Step 1: Create a TXT record.
Step 2: Set the Host (name) to _dmarc.domain.com
note: make sure you replace .domain with your domain or leave it off in some cases where your domain registrar might already append it.
Step 3: Set the value to v=DMARC1; p=none;
DMARC is a verification protocol that ensures there is a match between SPF and DKIM checks, allowing the sender to dictate to the receiver's server how to manage failed authentications through specific policies, which include rejecting or quarantining the emails. Additionally, a "none" policy option is available, leaving the decision on how to handle message filtering to the recipient's server.
DMARC policy settings:
- Reject: Emails failing authentication should be blocked from delivery (p=reject).
- Quarantine: Emails not passing authentication should be directed to the spam folder (p=quarantine).
- None: Leaves the decision on handling failed authentications to the email service providers, without specific instructions (p=none).
At present, the minimal requirement under new regulations is the p=none policy, serving as an initial step to encourage universal DMARC adoption. By the close of 2024, it's anticipated (and considered probable) that major email providers like Gmail and Yahoo will mandate more stringent policies, such as p=reject, thereby shifting the obligation onto the senders to have receiving servers discard emails that don't pass authentication checks.