Implement DMARC

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that helps protect your domain from spoofing, phishing, and unauthorized use. It builds on two other standards: SPF and DKIM — both of which are configured through DNS records while adding a domain on Waypoint.

Why does it matter?

By implementing a DMARC policy, you:

Improve email deliverability by showing mail providers your emails are legitimate.
Protect your domain from being spoofed or abused.
Gain visibility into how your domain is used through DMARC reports.

How to setup a DMARC policy

Step 1: Ensure SPF and DKIM are setup

While adding a verified domain on Waypoint, you’ll receive step-by-step instructions for adding the necessary DNS records to pass SPF alignment and DKIM authentication checks.

Once those are verified, you can enforce a DMARC policy as the final step to fully authenticate your emails and improve deliverability.

Step 2: Create your DMARC Record

Adding a DMARC policy is just creating a new TXT record in your domain’s DNS settings.

Example:

Name	Type	Value
_dmarc.example.com	TXT	”v=DMARC1; p=none; rua=mailto:my_dmarc_report@example.com”

Parameter	Description
`v=DMARC1`	Indicates the version.
`p=none \| quarantine \| reject`	What to do with failing mail
`rua=mailto:...`	Where to send daily aggregate reports

Step 3: Monitor and adjust

Once your record is published, your emails should now be fully authenicated with the DMARC check now passing.

Dmarc Pass

Example of an email sent through Waypoint with DMARC verified on Gmail.

Next steps:

Monitor the reports sent to your rua address
Make sure all legitimate email sources are passing SPF or DKIM
Gradually strengthen your policy:
- Start with p=none
- Move to p=quarantine to filter suspicious emails
- Consider p=reject to block unauthenticated messages