On the Domains tab, click on the name of the registered domain to configure. The Configuration page shows four areas where configuration changes can be made.
Enforcement and Reporting
- Policy: Change the enforcement policy from None to either Quarantine or Reject.
- Failure Report Emails: Provide an email address for receiving failure reports. You can also have the reports sent to Symantec Support. Symantec Support normally does not collect these reports due to the risk of unintentionally gathering personally identifiable information (PII).
- Aggregate Report Emails: Provide an email address for receiving aggregate reports. Symantec Support will receive these automatically.
- Add a DMARC policy for a subdomain: Please contact Symantec Support before using this function.
Your Email Domains
By default, your account has one email domain (the registered domain itself), although subdomains may be needed for email authentication purposes. Each domain can be configured with the following functions:
- Enabled Senders: Add third-party email senders (Email Service Providers) from a drop-down list.
- Netblocks: If the domain has its own hosted email senders, specify them here. Alternatively, enter a netblock and an associated third-party email sender
- Custom Directives: In the case of complex email infrastructures, custom directives can be entered here. Please contact Symantec Support before making any changes in this section.
To add an email domain, click Add an Email Domain and enter the domain name.
To prevent any email from being sent from the subdomain, click Block email from this domain. Because clicking this option "locks down" the domain so that you cannot send an email with a From @ that domain address, Symantec recommends that you complete the Email Fraud Protection onboarding process before using this option.
DKIM Keys
Click "Add a DKIM Key" button to add a key. You add a selector, public key, and other information to be maintained in the Email Fraud Protection platform DNS.
External Reporting Domains
DMARC aggregate reports may generally only be sent to an email address at the given domain. However, customers who have multiple registered domains may find it useful to centralize all DMARC reporting under one domain.