Your domain can have 3 different statuses inside Enforce: ACTIVE, REPORTING ONLY and BLOCKED. All 3 statuses depend on the sending status of that domain and on how the pointing of the DMARC record to Valimail is being done for that domain.
What is very important to know is that your domain, be it a sending domain or a non-sending domain, can be successfully protected within Enforce by applying the appropriate status for that respective domain correctly.
TABLE OF CONTENTS
If you have an active domain that is actively sending emails, the appropriate action is to let that domain be in Active status.
Keeping the domain in Active mode within Enforce will mean that you will continue to see the aggregate reports and email traffic within Enforce and also you will be able to switch your active domain to DMARC Enforcement in the Enforce platform, whenever the need/situation will apply for that change.
Switching your domain to DMARC Enforcement (p=Quarantine or p=Reject) will mean that your domain will be then protected against spoofing and impersonations attempts - the DMARC Enforcement policy will let the receiver know what you recommend for an unauthenticated email to happen, which will be Quarantine or Reject it.
Note: In Enforce, the Active status is set automatically on a sending domain, when you point DMARC to Valimail with an NS record (not a TXT one).
Reporting Only domains
Active sending domains that you only wish to monitor in Enforce, will have the Reporting Only status.
Because this setting just offers you visibility on the aggregate reports for that domain in Enforce, you will not have access to the configuration for SPF and DKIM on the domain that is set to Reporting Only.
Note: The Reporting Only status will apply automatically on a sending domain if you point DMARC to Valimail via a TXT record, which means just monitoring the aggregate reports on that domain.
It is very important that you lock any non-sending domain within Enforce. Non-sending domains can be a target for spoofing as well and they need to be protected too.
After a domain is locked inside Enforce using the Blocked status, that domain will be safe against any spoofing attempts from thereon.
The Blocked status for non-sending domains has the same effect as the DMARC Enforcement policy of p=Reject set on a normal active sending domain.
Note: In order to be able to set a non-sending domain to Blocked in Enforce, you will need to point DMARC to Valimail with an NS record (not a TXT one). After that, you can go and set that non-sending domain to Blocked.
Steps to change the domain status in Enforce
1. In Enforce, navigate to the Domains page from the left panel of the Enforce platform.
2. In the Domains page, you will see the current status for each domain. Click on the edit pen next to the domain wish to make this change on.
3. From window that pops up next (see below), please choose Active/Blocked based on what applies for that domain, then click on Change Domain Mode: