Add Organization Domains for DMARC Policy Publication
TIP: If you published DMARC records with a p=None policy for all of the domains you are planning to protect with DMARC Protection, you can skip this step! Those domains will be automatically added and verified by Agari.
If you have additional domains for which you have not published a p=None policy, then just add them in DMARC Protection. In DMARC Protection, most activities are centered around the domain. Your activity in this step will be to let DMARC Protection know which domains are associated with your organization.
- Go to Status > Protection.
- Click Add Domains.
- Enter the information about your domains.
How do you want to add your domains? You can type one or more domains or upload a file with domain information.
- Select Type in your domain(s), then enter one or more domains in the text field, separated by commas.
- Select Upload a file of domain names (txt or csv), then click Choose File and select a file that contains one or more domain names separated by commas.
Add to these Custom Domain Groups Click in the field to add the domain(s) to one or more domain groups. (See Domain Groups.)
You can also click Add a new group to create a new domain group.
Set the Agari Policy This determines the DMARC policy level for the domains you are adding. Mark as Defensive A defensive domain is a domain similar to your company domain that does not send email but that you own to keep others from owning it. Mark as Third Party A third-party domain is a domain where the content and email are managed by a third party. This is common for subdomains. For example, warriors.nba.com. Mark as Primary Your important domains that you want to move to reject as soon as possible. - Click Add your domains.
You will see a verification message. At this point, Agari will verify that your organization is responsible for these domains, which may take up to 24 hours.
You can see a list of unverified domains by going to Configure > Unverified Domains.
What’s an Unverified Domain?
You can specify policy and see data only for verified domains.
An Agari representative takes an action to ensure that any domain uploaded into the system domain is ready to be managed, verifying the domain. Agari will periodically check all unverified domains to see if changes have occurred that allow them to be verified. You can resubmit a domain for verification to have it rechecked sooner.
The quickest method to have a domain verified is to publish a DMARC record for the domain. To do this, see Publish the DMARC Record in DNS. Agari strongly recommends this method. Publishing a DMARC record for a domain requires that you modify the DNS entry for the domain, which is another way of showing that you have you have authority over the domain. (By verifying every domain entered into the system, Agari can ensure that no domains are mistakenly or inadvertently entered).
Once Agari verifies the domain, you can have the DMARC record hosted by Agari. See Host Your DMARC Records at Agari for details. Once a domain's DMARC record is hosted by Agari, any changes in DMARC Protection that affect the DMARC record are made to the record quickly, securely, and automatically.
Additional Options regarding DNS and Verification
Update the DNS name server record (NS record) for your domain so that it is something that Agari can correlate to your organization. If the DNS for your domain is managed by an external DNS provider this may not be possible.
Example: You are trying to register cat.com in DMARC Protection. If dog.com has already been approved by Agari for your organization and the NS record for cat.com is ns1.dog.com, then Agari can trust that you have authority over cat.com (because DNS for cat.com is controlled by a domain that we know is yours).
Update the DNS mail exchanger record (MX record) for your domain so that it is something that Agari can correlate to your organization. This is not always possible; it depends on how email is hosted for your domain.
Example: You are trying to register cat.com in DMARC Protection. If dog.com has already been approved by Agari for your organization and the MX record for cat.com is mail1.dog.com, then Agari will trust that you have authority over cat.com (because all mail sent to cat.com is directed to a domain that we know is yours).