Sender Management With Rapid DMARC

As with public DMARC policies, in Rapid DMARC you must have your senders properly authenticated in order to safely enforce a policy to delete or quarantine inauthentic messages from your domains.

The difference is that Rapid DMARC sender management is fast and easy. You simply look at the senders and IPs for your internal domains and see how Cloud Email Protection has modeled them. If you agree with the models, there is no need for further action, although you may choose to explicitly approve your large senders. If you have senders that are difficult to align identities for with public DMARC, you don't have to worry about that for Rapid DMARC. There is no need to contact the sender and implement DNS changes; just click "Approve" on your Senders page and you're done.

Once you are comfortable with your senders in Cloud Email Protection, you can move the Manage > Policies page and set up your Rapid DMARC policy for enforcement.

Customers on-boarded starting in January of 2018 have a default Rapid DMARC policy that is already created for you.

  1. Go to Manage > Policies.
  2. Click the Rapid DMARC policy name.
  3. Under the policy name, move the slider to Enable.
  4. Scroll down to the Actions section to set up your enforcement action for this policy and to enable an alert on policy matches.
  5. Click Save.

Customers that were set up in Cloud Email Protection before January 2018 did not receive a Rapid DMARC policy. You can create your Rapid DMARC policy with these steps:

  1. Go to Manage > Policies.
  2. Click Create Policy.
  3. In Policy Name enter "Rapid DMARC".
  4. Scroll down to Domain Tags and click in the empty box. Select internal from the list of available domain tags.
  5. Scroll down to Scoring .
  6. Move the top end of the Trust Score Range to 4. It should look like this:
    Add Authenticity Score Range.
  7. In Attack Type, click the empty box and select "Domain Spoof" from the list of available attack types.
  8. Click Save.