Office 365 - Publishing a Custom DMARC Record for Your Email Domain in DNS

Audience: Domain Administrators and Departmental/Organizational IT Support Staff

This article provides instructions for publishing custom DMARC records in DNS for UW-Madison email domains. Information about the protection of UW-Madison email with DMARC can be found here: Email Authenticity

Note: This article assumes fundamental knowledge of DNS records and DMARC. If you would like to learn more about DMARC and DNS records, please see the following resources:

Preparing to publish your custom DMARC record

Before you publish a custom DMARC record for your email domain, you'll want to make sure your domain's SPF record in DNS includes all of the senders you approve to send email as/from your domain and that it ends with "~all" or "-all".

  1. Use the DMARC Info tool in the Wisc Account Admin Site to view IP addresses sending as/from your domain over the past several days and stage potential changes to your domain's SPF record.

  2. Reach out to any and all third-party email vendors your organization contracts with and request that they work with you to set up custom domain authentication via SPF and DKIM for your subdomain (e.g. Steps for how to do this with some of campus's commonly used third-party email vendors are below:

Publishing your custom DMARC record

Once your domain's SPF record in DNS has been updated to include only senders you approve to send as/from your domain, and you've taken steps to set up custom domain authentication via DKIM for any/all third-party email vendors that send as/from your domain, you may take the next steps to publish a custom DMARC record for your email domain in DNS however you normally publish DNS records or request their publication.

DMARC record publication location

Publish a TXT record in DNS at the following location, replacing with the domain for which you'd like the record published:

Different options for publishing your custom DMARC record

See Also: