Identify a Target Domain or Set of Domains
After spending a period of time monitoring the data in DMARC Protection, you should begin to think about identifying a target set of domains to begin securing.
For example, some strategies could be:
- Start with your primary domain, or your highest volume domains
- Start with defensive domains, and then move to active domains
- Start with business-critical or back-end system automation domains with consistent or uniform sending profiles
- Or, start with non-business-critical first
Perhaps your primary domain — and not specific subdomains — is used for all email communications from your company; for example, an email with the address joe@foo.com is as likely to be used for daily corporate communication as it is to be used for receipts or order confirmations, newsletters, marketing campaigns, or messaging from your CRM system.
If this is the case, tackling your primary domain first may be the most prudent.
By definition, defensive domains should be sending no email, and so they are easier to lock down with stringent policies. (An unprotected defensive domain which isn’t locked down is exposed to potential abuse from spammers.) Using data in DMARC Protection, you can catalog defensive domains and move quickly to a DMARC reject policy.
After shoring up the policies for defensive domains, you can concentrate on those domains which are intended to send legitimate mail for your organization.
If, for example, your organization sends customer support mail from a single subdomain (e.g. support.foo.com) from a single third-party sender (e.g. Zendesk), it may be easier to implement authentication for this domain first.
Conversely, if you do not want to disrupt the deliverability of business critical email, consider starting with domains that send marketing mail first, as it may be easier to identify a “cut-over” for sending authenticated email from these scheduled mailers.
Regardless of which strategy you choose, you should group domains using the Configure > Manage Domains view as described in Domain Groups.