This article contains information on the DNS Delegation feature in Mimecast DMARC Analyzer, which centralizes management of DMARC, SPF, and DKIM DNS records, simplifying configuration and monitoring.
Overview
The DNS Delegation in Mimecast DMARC Analyzer provides a centralized interface to manage and monitor the delegation of DNS records for your domains. By using this page, administrators can simplify the configuration and ongoing maintenance of DMARC, SPF, and DKIM records, helping ensure proper email authentication and alignment with best practices.
Instead of managing all DNS records directly in each external DNS provider, you can use DNS Delegation to:
- Track which domains have delegation enabled.
- See the status of DMARC, SPF, and DKIM delegation at a glance.
- Access guided workflows for adding new domains.
- Retrieve copy‑ready DNS records for email authentication.
Considerations
When using DNS Delegation in Mimecast DMARC Analyzer, keep the following considerations in mind to ensure a smooth and secure implementation.
- Scope and Impact of Delegation:
- DNS Delegation centralizes control of specific email‑related DNS records (DMARC, SPF, DKIM) for your domains.
- Before enabling delegation, confirm which domains are in scope and ensure that internal stakeholders (DNS, security, and email operations) understand which records will be managed through the DNS Delegation page rather than directly at the DNS provider.
- Review the Details column for each domain to identify any existing records that may conflict with delegated records.
- DMARC Policy Choice
- The DMARC column in the Delegated Domains table reflects the policy applied to each domain (for example, p=none, p=quarantine, p=reject).
- During the Add Domain workflow, select a DMARC policy that aligns with your current stage of deployment:
- Start with None (Recommended) for monitoring and data collection.
- Move to Quarantine or Reject only when you have validated all legitimate sending sources.
Changes to DMARC policy can affect mail delivery; coordinate policy updates with the appropriate stakeholders and roll them out in a controlled manner. Ensure only authorized administrators can access and change delegation settings.
- Existing DNS Records and Conflicts
Before delegating a domain, check whether DMARC, SPF, or DKIM records already exist at your DNS provider:
- If they do, plan how to transition them to the delegated configuration.
- Use the DNS Record Configuration section for each domain to compare current records with the Mimecast‑generated ones.
- Managing Multiple Domains
For organizations with many domains, regularly review the Delegated Domains table to:
- Ensure all active sending domains are represented and correctly configured.
- Remove or update domains that are no longer required or have changed ownership.
- Periodically validate that all critical domains appear in the Delegated Domains table and have appropriate DMARC policies and delegation statuses.
Adding Domain to DNS Delegation
To Add Domain to DNS Delegation follow these simple steps below:
- Log into Mimecast Administration Console
- Navigate to More Services | DMARC Analyzer 2.0 | DNS Delegation
- Click Add Domain to starts a guided setup wizard
- Select one or multiple domains from the list, and if the desired domain is not available, you can manually add the domain in the Add new domain(s)
- Select a DMARC policy:
- None – For monitoring only, with no enforcement.
- Quarantine – Messages failing DMARC checks are treated as suspicious.
- Reject – Messages failing DMARC checks are rejected.
- Review and confirm the configuration before completing setup.
- Click Finish
Key elements of the DNS Delegation page include
Summary Cards
At the top of the page, summary cards provide a quick overview of delegation status:
- Delegated Domains – Total number of domains with DNS delegation enabled, highlighting incomplete or pending setups.
- DMARC Delegation – Number of domains with DMARC delegation enabled, including those not set up or pending.
- DKIM Delegation – Number of domains with DKIM delegation enabled, highlighting incomplete or pending setups.
- SPF Delegation – Number of domains with SPF delegation enabled, including those not set up or pending.
Delegated Domains Table
The table shows a detailed breakdown of all delegated domains and their DNS record statuses. Important columns include:
- Domain – The domain name being monitored.
- DMARC – The DMARC policy applied to the domain (for example, p=none, p=quarantine).
- DKIM – Whether DKIM delegation is active, pending, or not set up.
- SPF – The SPF delegation status (for example, active, not set up).
For each domain, you can open the ellipsis (•••) menu to view additional actions or configuration details.
Search and Filter Options
- Search for Domain: Quickly locate specific domains by entering their names.
- Filter by: Apply filters to refine the data displayed in the table based on specific criteria, such as delegation status or record type.
DNS Record Configuration
- For each domain, the page provides detailed instructions for configuring DNS records.
- Users can view and copy the required DNS entries for DMARC, SPF, and DKIM delegation.
- Example:
SPF Delegation: Displays the TXT record to be added to the domain's DNS settings.
Compressed and Normalized Views: Provides both a compressed and expanded version of the DNS record for easier implementation.
Comments
Please sign in to leave a comment.