DNS Tools: How to add a DMARC record

Step 1:

SPF and DKIM records are required for DMARC. If you have not set up these records yet, please follow the respective tutorials:

SPF
DKIM (in case of using our email server)
DKIM (in case of using an external email server)

DMARC lets you recommend how a recipient server should handle an email that violates SPF and DKIM. You can also choose to be informed about such violations.

Step 2:

Log in to your KAS (Technical Administration) panel and click the menu item Tools -> DNS Settings.

Edit the domain whose DNS settings you want to change, then click Add a new DNS record.

Step 3:

The Name is always "_dmarc". The DNS record Type for DMARC is "TXT". There is no Priority for this record type. The record in the Data field can look like this, for instance:

v=DMARC1; p=reject; rua=mailto:mail@ihre-domain.de; ruf=mailto:mail@ihre-domain.de; adkim=s; aspf=r

Each parameter and its value must be joined by an equals sign (=) without spaces in between, and each pair must be closed by a semicolon (;).

Required parameters:

v = indicates the DMARC version, must have the value "DMARC1" and must be placed in first position

p = indicates the domain's rule for how the recipient server should handle the email in case of violations against SPF and DKIM; the following values are possible:

none - no measures
quarantine - the affected email should be handled as suspicious and will get marked or moved to the spam folder
reject - the affected email should be declined

Optional parameters:

sp = indicates the rule for the subdomains

pct = indicates the percentage of email messages to which the DMARC rule should be applied, default is 100%

rua = indicates the list of email addresses (comma separated) to which the overall report should be sent

ri = indicates the max. interval in seconds between the sending of each overall report, default is "86400" seconds = 24 hours

ruf = indicates the list of email addresses (comma separated) to which a detailed report about the email messages that have failed the DMARC check should be sent

rf = indicates the format for detailed reports, default is "afrf" which is currently the only supported format

fo = indicates options for the detailed report; the options are "0", "1", "d" and "s", multiple options are separated by a colon, e.g. "fo=0:s", default is "fo=0"

fo=0 - generates a report in case of a violation against SPF and DKIM
fo=1 - generates a report in case of a violation against SPF or DKIM
fo=d - generates a report in case of a violation against DKIM
fo=s - generates a report in case of a violation against SPF

adkim = alignment mode for DKIM, default is "r"

s (strict mode) - the domain in the DKIM signature and the domain which is stated as FROM in the email's header must be equal
r (relaxed mode) - a subdomain is also allowed

aspf = alignment mode for SPF, default is "r"

s (strict mode) - the domain which is stated as FROM in the email's header and the domain which is stated in the so-called SMTP envelope must be equal
r (relaxed mode) - a subdomain is also allowed


Additional notice on "rua" and "ruf":

If the email addresses to which the reports are sent belong to another domain, then that other domain requires a DNS record for verification purposes.

If, for instance, the DMARC record is valid for the domain "example.com" and the email addresses belong to "your-domain.net", then the following DNS record must be created for "your-domain.net":

example.com._report._dmarc.your-domain.net TXT "v=DMARC1"
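
The rules from Step 3 and the notice on "rua" and "ruf" can be checked before the record is saved. The following Python sketch is an added example, not part of the original tutorial or of KAS: the function names and the sample record are made up for illustration, the 0 to 100 range for pct and the optional "!size" suffix on report addresses are assumptions taken from the DMARC specification, and "another domain" is decided by a plain comparison of domain names.

```python
import re

POLICIES = {"none", "quarantine", "reject"}
# Constructed sample: policy for example.com, reports sent to another domain.
SAMPLE = "v=DMARC1; p=quarantine; pct=50; rua=mailto:reports@your-domain.net; fo=0:s"

def parse_dmarc(record):
    """Split a DMARC TXT value into ordered (parameter, value) pairs."""
    pairs = []
    for part in record.split(";"):
        if not part.strip():
            continue  # the closing semicolon leaves an empty part
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"missing '=' in {part.strip()!r}")
        pairs.append((tag.strip(), value.strip()))
    return pairs

def check_dmarc(record):
    """Return a list of problems; an empty list means the record passed."""
    try:
        pairs = parse_dmarc(record)
    except ValueError as exc:
        return [str(exc)]
    tags, problems = dict(pairs), []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("v=DMARC1 must be the first parameter")
    if tags.get("p") not in POLICIES:
        problems.append("p must be none, quarantine or reject")
    if tags.get("sp", "none") not in POLICIES:
        problems.append("sp must be none, quarantine or reject")
    pct = tags.get("pct", "100")
    if not re.fullmatch(r"[0-9]{1,3}", pct) or int(pct) > 100:
        problems.append("pct must be a whole number from 0 to 100")
    for mode in ("adkim", "aspf"):
        if tags.get(mode, "r") not in ("r", "s"):
            problems.append(f"{mode} must be r or s")
    if not set(tags.get("fo", "0").split(":")) <= {"0", "1", "d", "s"}:
        problems.append("fo options must be 0, 1, d or s, separated by colons")
    return problems

def report_authorizations(record, domain):
    """Names of the TXT "v=DMARC1" records that other report domains must publish."""
    tags, names = dict(parse_dmarc(record)), set()
    for uri in ",".join(tags.get(t, "") for t in ("rua", "ruf")).split(","):
        match = re.fullmatch(r"mailto:[^@]+@([^!]+)(!.*)?", uri.strip())
        # Plain name comparison (assumption): any different domain name counts as "another domain".
        if match and match.group(1).lower() != domain.lower():
            names.add(f"{domain}._report._dmarc.{match.group(1).lower()}")
    return sorted(names)
```

check_dmarc(SAMPLE) returns an empty list, and report_authorizations(SAMPLE, "example.com") returns the name of the verification record that "your-domain.net" has to publish.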