DMARC record

A properly created DMARC record works in conjunction with other features to help prevent impersonated messages from being delivered to your users. Before creating the DMARC record for a tenant domain, a proper SPF record MUST BE PUBLISHED, and preferably DKIM records should be published as well.

Note: See https://app.drift.com/help/article/spf for information on how to configure an SPF record.

In the examples below, domain is the client's domain that contains a working SPF record (e.g. protectedtrust.com), and atp@domain.com should be the atp@domain shared mailbox that has already been created in the tenant's organization. By setting a rua address (Report URI Aggregate), we specify a location where reports of DMARC failures will be sent. An alternative is setting a ruf address (Report URI Forensic), which collects a detailed report for each message that fails (this is a lot of detail that we probably don't need).

This record instructs receiving servers to send reports to the atp@ address rather than quarantine messages (recommended for testing):
TXT: _dmarc.domain 3600 IN TXT "v=DMARC1;p=none;rua=mailto:atp@domain.com"

The following record instructs receiving servers to quarantine messages:
TXT: _dmarc.domain 3600 IN TXT "v=DMARC1; p=quarantine"
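
The following is an added example, not part of the original page: a small Python check for a DMARC TXT value before it is published, covering the two records above and the curly-quote problem that appears when a record is pasted from a document. The function name parse_dmarc and the sample strings are assumptions constructed for illustration.

```python
import re

VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Parse a _dmarc TXT value; return (tags, problems)."""
    problems = []
    # Curly quotes pasted from a document end up inside the published value.
    if re.search("[\u201c\u201d]", txt):
        problems.append("curly quotes in record; use plain ASCII quotes")
    value = txt.strip().strip('"\u201c\u201d')
    tags, order = {}, []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # a trailing ';' is harmless
        if "=" not in part:
            problems.append(f"malformed tag: {part!r}")
            continue
        name, val = (s.strip() for s in part.split("=", 1))
        order.append(name)
        tags[name] = val
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        problems.append("record must start with v=DMARC1")
    policy = tags.get("p")
    if policy not in VALID_POLICIES:
        problems.append("p must be none, quarantine or reject")
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    for uri in rua:
        if not uri.lower().startswith("mailto:"):
            problems.append(f"rua is not a mailto: URI: {uri}")
    if policy == "none" and not rua:
        problems.append("p=none without rua: no reports will be received")
    return tags, problems

if __name__ == "__main__":
    # Constructed samples based on the two records above.
    samples = [
        '"v=DMARC1;p=none;rua=mailto:atp@domain.com"',
        '"v=DMARC1; p=quarantine"',
        "\u201cv=DMARC1; p=quarantine\u201d",  # quotes as pasted from a document
    ]
    for s in samples:
        tags, problems = parse_dmarc(s)
        print(tags.get("p"), problems or "OK")
```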


DMARC record format
https://dmarc.org/overview/
https://dmarc.org/draft-dmarc-base-00-01.html#dmarc_format