Domain-based Message Authentication, Reporting & Conformance
DMARC is a policy layer on top of DKIM and SPF. It is intended to prevent domain name impersonation ("phishing") and abuse. It also specifies a means for forensic reporting so that domain owners can gather statistics and monitor abuse.
_dmarc.example.com. 900 IN TXT "v=DMARC1; p=none; rua=mailto:firstname.lastname@example.org"
The above allows a sender to start testing their configuration and gather daily aggregate reports from recipient servers concerning the sender's domain. DMARC allows for one or more email and/or HTTP URLs for report gathering. Once satisfied, the _dmarc.example.com. record should change the policy p=none to p=reject. Note the 900 TTL can be removed or set larger once the final DMARC record is approved; the shorter TTL is just used during testing and evaluation.