<p>Set-up the following DNS record at your domain registrar to enable the strictest DMARC implementation possible:</p> <table> <thead> <tr> <th>Domain</th> <th style="text-align: center;">Type</th> <th>Content</th> </tr> </thead> <tbody> <tr> <td>_dmarc</td> <td style="text-align: center;">TXT</td> <td>v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; pct=100; fo=1; rua=mailto:user@example.org; ruf=mailto:user@example.org;</td> </tr> </tbody> </table> <blockquote> <p>:warning: Replace <code>user@example.org</code> with the account that should receive DMARC reports (2x).</p> <p><code>v=DMARC1</code> defines te DMARC version applicable.</p> <p><code>p=reject</code> if the DKIM check fails, reject the e-mail (for top-level domain).</p> <p><code>sp=reject</code> if the DKIM check fails, reject the e-mail (for sub-level domain).</p> <p><code>adkim=s</code> DKIM domain name must match sender's domain name.</p> <p><code>aspf=s</code> DKIM domain name must match MAIL FROM entry sent by MTA.</p> <p><code>pct=100</code> all mails sent by this domain must pass the DMARC checks.</p> <p><code>fo=1</code> inform the admin if any check fails.</p> <p><code>rua=mailto:user@example.org</code> to what address to send the aggregated reports.</p> <p><code>ruf=mailto:user@example.org</code> to what address to send the failure reports.</p> </blockquote>