Hi,

I'd second Viktor Dukhovni's opinion. For the vast majority of mail servers, a minimalistic DMARC policy suffices; just add the following record in the domain's DNS root zone:

_dmarc 10800 IN TXT "v=DMARC1; p=none;"

If you want to go a step further, you can just monitor how DMARC is applied by receiving mail servers to mails that (pretend to) come from your domain. Just add a "rua" ("reporting aggregate reports") entry:

_dmarc 10800 IN TXT "v=DMARC1; p=none; rua=mailto:postmas...@yourdomain.com";

You'll then start receiving a daily report from the mail servers that implement DMARC reporting *and* that received at least one mail coming from (or pretending to come from) your domain. In most cases you'll only receive reports from Google and Yahoo. These reports are XML files, which are difficult to read, so you should find a tool that helps you to make sense of them.

The possible next steps are to use "p=quarantine", which basically means "deliver the mail but flag it as spam", and "p=reject", which means what it means: do not accept the email. But as Viktor said, these policies are not recommended for a domain which does not handle sensitive information (bank, government, hospital, ...).

Gregory
