DMARC (Domain Message Authentication, Reporting, and Conformance) is an email validation system designed to detect and prevent email spoofing. For organizations, publishing a DMARC record helps them see if anyone is trying to spoof their domain. For ISPs, DMARC policies tell them how to handle the incoming mail when the email appears to be spoofed. It is important to publish a custom DKIM key for your domain before you publish your DMARC or else your email may not get delivered to the inbox.
Before publishing your DMARC
2. Publish a DMARC with a policy of `none` to evaluate deliverability and authentication
3. Update DMARC with a policy of `quarantine` once everything looks good
NOTE: If specifying `aspf` in your DMARC record, it must be set to `r` (relaxed), the default value. You CANNOT have aspf set to `s` (strict).
Resources for more information