DMARC records are used in combination with SPF and DKIM records to tell a server what to do when it receives mail that from an unverified server.
DMARC records also help identify your server as a legitimate mail server, so they should be set up for all domains that you plan on using to send mail with.
The DMARC records are created just the same as any other type of DNS record. Open the DNS zone file editor of your choice based on your setup, add/change the DMARC record, then save the changes.
The basics of the record are as follows:
Name: _dmarc TTL: 3600 Type: TXT TXT data: See below
For the text data you will use specific options depending on what behavior you would like to see.
Do nothing with SPF/DKIM failures: "v=DMARC1; p=none; sp=none; rf=afrf; pct=100; ri=86400" Reject SPF/DKIM failures: "v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400" Quarantine SPF/DKIM failures: "v=DMARC1; p=quarantine; sp=none; rf=afrf; pct=100; ri=86400"
If you would like to receive a notification on a failed DMARC validation, you can add an e-mail address to the record as well.
"v=DMARC1; p=none; sp=none; ruf=mailto:firstname.lastname@example.org; rf=afrf; pct=100; ri=86400"