diff --git a/DMARC-how-to.md b/DMARC-how-to.md
index 7792455..9e04400 100644
--- a/DMARC-how-to.md
+++ b/DMARC-how-to.md
@@ -31,13 +31,71 @@ ruf: forensic reports
| DMARC configuration tag | Required? | Value(s) | Explanation |
| --- | --- | --- | --- |
| v | mandatory | DMARC1; | |
-| p | mandatory | none
quaritine
reject | |
-| rua | optional | rua@example.nl | This field contains an e-mail address |
-| ruf | optional |ruf@example.nl | This field contains an e-mail address |
-| fo | mandatory | 0
1
s
d | reporting oprions for |
-| adkim | optional | s
r | |
-| aspf | optional | s
r | |
-| pct | optional | | |
+| p | mandatory | none
quaritine
reject | None: don't do anything if DMARC verification fails (used for testing)
quarantine: treat mail that fails DMARC check as suspicious
reject: reject mail that fail DMARC check |
+| rua | optional | rua@example.nl | This field contains the e-mail address used to send aggregate reports to |
+| ruf | optional |ruf@example.nl | This field contains the e-mail address used to send forensic reports to |
+| fo | mandatory |
0
1
s
d | Reporting options for failure reports. Generates a report if:
- both SPF and DKIM tests fail (0)
- either SPF or DKIM test fail (1)
- SPF test fails (s)
- DKIM test fails (d) |
+| adkim | optional | s
r | Controls how strict the result of DKIM verification should be intepreted. Strict or relaxed. |
+| aspf | optional | s
r | Controls how strict the result of SPF verification should be intepreted. Strict or relaxed. |
+| pct | optional | 0..100 | Determine percentage of mail from your domain to have the DMARC verificaton done by other mail providers. Default is 100. |
| rf | optional | | |
| ri | optional | | |
| sp | optional | | |
+
+# Reporting
+to-do
+
+# Implementing DKIM with OpenDKIM for Postfix with SpamAssassin
+**Specifics for this setup**
+* Linux Debian 9.8 (Stretch)
+* Postfix 3.4.5
+* BIND 9.10.3-P4-Debian
+* OpenDMARC v1.3.2
+
+**Assumptions**
+* DNSSEC is used
+* Mail server is operational
+* Software packages are already installed
+
+## Outbound e-mail traffic
+DMARC for outbound e-mail traffic can be accomplished by publishing a DMARC policy as a TXT record in a domain name's DNS zone.
+
+## Inbound e-mail traffic
+DMARC for inbound e-mail traffic can be accomplished by setting up OpenDMARC and integrate it with Postfix.
+
+### Set up OpenDMARC
+Make sure the file **/etc/opendmarc.conf** has a least the following configuration options.
+
+ AuthservID mail.example.nl
+ PidFile /var/run/opendmarc/opendmarc.pid
+ RejectFailures false
+ Syslog true
+ TrustedAuthservIDs mail.example.nl,mail2.example.nl,localhost,127.0.0.1
+ UMask 0002
+ UserID opendmarc:opendmarc
+ IgnoreAuthenticatedClients true
+ IgnoreHosts /etc/opendmarc/ignore.hosts
+ HistoryFile /var/run/opendmarc/opendmarc.dat
+ Socket inet:54321@localhost
+
+Make sure the file **/etc/opendmarc/ignore.hosts** contains all hosts that you trust. The e-mail coming from these hosts will not be checked by OpenDMARC:
+
+ 127.0.0.1
+ localhost
+
+Make sure the default file **/etc/default/opendmarc** contains:
+
+ RUNDIR=/var/run/opendmarc
+ SOCKET=inet:54321@localhost
+ USER=opendmarc
+ GROUP=opendmarc
+ PIDFILE=$RUNDIR/opendmarc.pid
+
+### Integrate with Postfix
+Now we need to tell Postfix to use OpenDMARC as a mail filter in order to use its functionality. This is done by making sure that **/etc/postfix/main.cf** contains the configuration values as listed below. Notice that the DKIM check (localhost:12301) is done _before_ DMARC (localhost:54321) since DMARC relies on the DKIM results.
+
+ smtpd_milters = inet:localhost:12301,inet:localhost:54321
+ non_smtpd_milters = inet:localhost:12301,inet:localhost:54321
+
+### Set up reporting
+to-do