Use DMARC to harden SPF and DKIM

article #1255, updated 350 days ago

The following TXT record contents:

v=DMARC1; p=reject; pct=100; adkim=s; aspf=s

at least theoretically, should harden SPF and, if present, DKIM. “=s” means “strict”. According to DMARC documentation, DMARC can be used without DKIM, and experiences with a first setup of the above without DKIM are playing out well so far.

To use the above, create a TXT record of name _dmarc with those contents.

Some more info is here: