Monitoring DMARC setup

Procedure

1. Go to Outbound Protection → Domain-based Authentication → Domain-based Message Authentication, Reporting and Conformance (DMARC) Monitoring.
2. Go to DMARC Record Check.
3. Optionally specify the search criteria and click Search.
4. Check the DMARC setup status for the managed domains.

   Item	Description
   Managed domain	Domain protected by Trend Micro Email Security. All protected domains are listed in the table.
   Outbound Protection	Whether outbound protection is enabled for the domain. Enabled Disabled To enable outbound protection, go to Domains, click the domain, and select Enable outbound protection on the displayed screen for editing domain information.
   SPF	Whether SPF is enabled for the domain. Enabled Disabled SPF is disabled in either of the following scenarios: No SPF record is available for the domain. The Trend Micro Email Security server is not included in the SPF record. To enable SPF, depending on your scenario, set up an SPF record for the domain or add the Trend Micro Email Security server address to the SPF record for the domain. You can click Disabled to go to the Domains screen and follow the onscreen instructions for SPF setup in the Outbound Servers section. For more information, see Adding SPF records.
   DKIM	Whether DKIM is enabled for the domain. Enabled Disabled DKIM is disabled in any of the following scenarios: The DKIM record is not published or is published incorrectly. The DKIM record is published but is still being propagated. DKIM is enabled after the DKIM record propagation is completed. No DKIM signing policy is created in Trend Micro Email Security. The DKIM signing policy is disabled in Trend Micro Email Security. To enable DKIM, depending on your scenario, check the publish of your DKIM record for the domain, or click Disabled to go to the DKIM Signing screen and create or enable a DKIM signing policy for the domain.
   DMARC	Whether DMARC is enabled for the domain. Enabled The screen also shows the policy tag specified in the DMARC record, which can be none, quarantine, or reject, and whether the policy is inherited from an organizational domain, You can click Enabled to view the details about the published DMARC record. If you want to update the DMARC record, click Modify to generate a new record and publish it to the DNS server. For details about DMARC record options, see Generating a DMARC record. Disabled DMARC is disabled in any of the following scenarios: No DMARC record is available for the domain. No policy tag is specified in the DMARC record. To enable DMARC, depending on your scenario, set up a DMARC record for the domain or specify a policy tag in the DMARC record. Trend Micro Email Security provides a DMARC record generator to facilitate your DMARC setup. You can click Disabled to create a DMARC record for the domain. For details, see Generating a DMARC record.
   BIMI	Whether BIMI is enabled for the domain. Enabled Though enabled, BIMI may not work properly in the following scenarios: No Verified Mark Certificate (VMC) is provided. DMARC policy for the domain and the organizational domain (if different) is not enforced. Note BIMI only works when the DMARC policy for the domain and the organizational domain (if different) is at enforcement. Disabled BIMI is disabled in any of the following scenarios: No BIMI record is available for the domain. The BIMI record is published incorrectly. The SVG image or VMC certificate provided in BIMI record generation is invalid. To make BIMI work, depending on your scenario, update your DMARC record or generate a BIMI record for the domain. Trend Micro Email Security provides a BIMI setup wizard where you can view the details about your DMARC and BIMI status and update the problematic record. You can click Enabled or Disabled to open the BIMI setup wizard. Trend Micro Email Security also provides a BIMI record generator to facilitate your BIMI setup. For details, see Generating a BIMI record and Implementing BIMI.