DMARC record

A properly created DMARC record works in conjunction with other features to help prevent impersonated messages from being delivered to your users.  Before creating the DMARC record for a tenant domain, a proper SPF record MUST BE PUBLISHED and preferably DKIM records are also published.

Note: See 
for information on how to configure an SPF record.

In the examples below domain is the client's domain that contains a working SPF record (i.e., and should be the atp@domain shared mailbox that has already been created in a tenant's organization.  By setting a rua address (Report URI Aggregate) we're specifying a location where reports of DMARC failures will be sent.  An alternative is setting a ruf address (Report URI Forensic) which will collect detailed reports for each message that fails (this is a lot of detail that we probably don't need).

This record will instruct to notify the atp@ address rather than quarantine (recommended for testing):
TXT: _dmarc.domain 3600 IN TXT “v=DMARC1;p=none;”

The following record will instruct to quarantine messages:
TXT: _dmarc. domain 3600 IN TXT “v=DMARC1; p=quarantine”

Dmarc record Format