As simple as this mechanism is to set up, it’s always has been pretty solid against the abuse of a domain. DMARCs strength lies in collaboration: Email senders that publish DMARC policies receive feedback reports from DMARC-compliant message recipients about unauthenticated messages purporting to come from any of the sending organization’s domains.
Implementing it is in most cases very easy, when you don’t specify a complicated policy. In it’s simplest form it looks like this:
_dmarc 5 MIN TXT v=DMARC1; p=reject;
This will be enough in most cases.
Something more complicated it can look like this:
_dmarc 5 MIN TXT v=DMARC1; p=none; sp=quarantine; pct=100; rua=mailto:firstname.lastname@example.org;
If you DO want a policy but DON’T want to reject (not advisable) your could do with this:
_dmarc 5 MIN TXT v=DMARC1; p=none;