For proper email security we require our recipients mail servers to know that they are receiving emails from our proper email servers, and if not, then the emails are applied a DMARC policy of either reject or quarantine (send to recipients’ SPAM folder).

Go to the Google Toolbox and confirm the following DNS records exist for your domain:

SPF

DKIM

DMARC.

We ordinarily configure SPF and DKIM first, and let these populate, and monitor your emails delivery is working as it should for 72 hours. Once DKIM and SPF are confirmed correct by yourself, and your email host, you move onto configuring DMARC. In a nutshell, DMARC is a validation done by the recipient’s mail servers that your email is indeed from your email server, and not from a rogue server.

You configure the DMARC as followed. First you configure so the DMARC is checked on 30% of emails sent, then you move up in 10% increments each week. We recommend enacting a quarantine policy instead of reject. At least if your email is legitimate, but gets marked as suspicious by the recipient, it is then delivered to SPAM folder, and your recipient is able mark as Not Spam, or Important, and this training the recipients servers that your emails are safe.

v=DMARC1; p=quarantine; rua=mailto:user@emaildomain.com.au; pct=30; adkim=r; aspf=r

The syntax explanation:

v DMARC1 Version Identifies the record retrieved as a DMARC record. It must be the first tag in the list.

p quarantine Policy Policy to apply to email that fails the DMARC test. Valid values can be 'none', 'quarantine', or 'reject'.

rua mailto:user@emaildomain.com.au Receivers Addresses to which aggregate feedback is to be sent. Comma separated plain-text list of DMARC URIs.

pct 30 Percentage Percentage of messages from the Domain Owner's mail stream to which the DMARC policy is to be applied. Valid value is an integer between 0 to 100.

adkim r Alignment Mode DKIM Indicates whether strict or relaxed DKIM Identifier Alignment mode is required by the Domain Owner. Valid values can be 'r' (relaxed) or 's' (strict mode).

aspf r Alignment Mode SPF Indicates whether strict or relaxed SPF Identifier Alignment mode is required by the Domain Owner. Valid values can be 'r' (relaxed) or 's' (strict mode).

We recommend starting softly with the DMARC, and then monitoring your delivery to ensure email is getting delivered! You can change the policy for Strict or relaxed switches, and increasing the percentage in 10% increments as discussed. You could also change from quarantine to Reject, just be mindful of your email DMARC policy being too strict, and your emails being rejected too often.

Google Toolbox for checking DNS records are correct:

https://toolbox.googleapps.com/apps/dig/

MXToolbox (also checks Syntax, which Google Toolbox doesn’t seem to.

https://mxtoolbox.com/SuperTool.aspx