Your domain can have 3 different statuses inside Authenticate: CONTROL, VISIBILITY ONLY and BLOCKED. All 3 statuses depend on the sending status of that domain and on how the pointing of the DMARC record to Valimail is being done for that domain.
What is very important to know is that your domain, be it a sending domain or a non-sending domain, can be successfully protected within Authenticate by applying the appropriate status for that respective domain correctly.
TABLE OF CONTENTS
- Control domains
- Visibility Only domains
- Blocked domains
- Steps to change the domain status in Authenticate:
If you have an active domain that is actively sending emails, the appropriate action is to let that domain be in Control status.
Keeping the domain in Control mode within Authenticate will mean that you will continue to see the aggregate reports and email traffic within Authenticate and also you will be able to switch your active domain to DMARC Enforcement in Authenticate, whenever the need/situation will apply for that change.
Switching your domain to DMARC Enforcement (p=Quarantine or p=Reject) will mean that your domain will be then protected against spoofing and impersonations attempts - the DMARC Enforcement policy will let the receiver know what you recommend for an unauthenticated email to happen, which will be Quarantine or Reject it.
Note: In Authenticate, the Control status is set automatically on a sending domain, when you point DMARC to Valimail with an NS record (not a TXT one).
Visibility Only domains
Active sending domains that you only wish to monitor in Authenticate, will have the Visibility Only status.
Because this setting just offers you visibility on the aggregate reports for that domain in Authenticate, you will not have access to the configuration for SPF and DKIM on the domain that is set to Visibility Only.
Note: The Visibility Only status will apply automatically on a sending domain if you point DMARC to Valimail via a TXT record, which means just monitoring the aggregate reports on that domain.
It is very important that you lock any non-sending domain within Authenticate. Non-sending domains can be a target for spoofing as well and they need to be protected too.
After a domain is locked inside Authenticate using the Blocked status, that domain will be safe against any spoofing attempts from thereon.
The Blocked status for non-sending domains has the same effect as the DMARC Enforcement policy of p=Reject set on a normal active sending domain.
Note: In order to be able to set a non-sending domain to Blocked in Authenticate, you will need to point DMARC to Valimail with an NS record (not a TXT one). After that, you can go and set that non-sending domain to Blocked.
Steps to change the domain status in Authenticate:
1. In Authenticate, click on the domain you wish to make this change on.
2. In the upper right corner, you will see the current status for that domain. Click on Control/Blocked
3. From window that pops up next (see below), please choose Control or Blocked based on what applies for that domain: