How To Setup DMARC: The Basics

Understanding Domain-based Message Authentication, Reporting, and Conformance before you deploy it to your DNS.

Crucial Step: If you setup DMARC without having SPF or DKIM configured first, legitimate emails from your domain will be rejected or sent to spam.
1
What is DMARC?
DMARC is a DNS record that tells email providers (like Gmail, Yahoo, and Outlook) what to do if an email claims to be from you, but fails SPF or DKIM checks. It is your ultimate defense against domain spoofing and phishing.
2
The Three Policies
When learning how to setup DMARC, you must understand the p= (Policy) tag. You will transition through these three phases:
  • p=none (Monitoring): Does not block any emails. Just sends you reports of who is sending on your behalf.
  • p=quarantine: Suspicious emails are delivered to the recipient's Spam/Junk folder.
  • p=reject: Maximum security. Suspicious emails are completely blocked and dropped.

Phase 1: Monitoring Mode

Start here. By setting your policy to 'none', you instruct receiving servers to send you aggregate reports without dropping any emails.

Reporting Email: You will need an email address to receive XML reports. We highly recommend creating a dedicated inbox (e.g., dmarc@yourdomain.com) as these reports can be voluminous.
1
Access your DNS Manager
Log in to your domain registrar or DNS hosting provider (e.g., Cloudflare, GoDaddy, cPanel, Namecheap) and navigate to the DNS Records section.
2
Create the TXT Record
Create a new TXT record. The name/host must be exactly _dmarc. Copy the value below, replacing the email with your own.
Type: TXT
Name/Host: _dmarc
Value: v=DMARC1; p=none; rua=mailto:reports@yourdomain.com;
Wait 2 to 4 weeks in this phase. Analyze the XML reports to ensure all your legitimate sending services (like Mailchimp, Sendgrid, Office365) are successfully passing SPF and DKIM.

Phase 2: Strict Enforcement

Once you have verified via reports that your legitimate mail passes authentication, it is time to lock down your domain.

1
Upgrade to Quarantine
Edit your existing _dmarc TXT record. Change the p=none tag to p=quarantine. Now, any email failing checks will go to spam.
Value: v=DMARC1; p=quarantine; rua=mailto:reports@yourdomain.com;
2
Ultimate Security: Reject
After a few weeks in Quarantine with no issues reported by users or clients, upgrade the policy to p=reject. Your domain is now fully immune to spoofing.
Value: v=DMARC1; p=reject; rua=mailto:reports@yourdomain.com;

Live DMARC Inspector

Test the configuration you just learned. Enter your domain below to perform a live, cache-bypassing DNS check on your DMARC setup.

Raw DMARC Record:

Configuration Diagnostics:

    Expert Recommendation

    Comprehensive Guides

    Learn exactly how to setup DMARC through our step-by-step informational guides, designed to take you from a beginner to an email authentication expert.

    Real-Time Inspection

    After reading how to setup DMARC, use our embedded live DNS inspection engine to verify your _dmarc TXT record instantly without waiting for propagation.

    Policy Enforcement

    Master how to setup DMARC policies securely. We explain how to safely transition from p=none (monitoring) to strict p=reject enforcement.

    Aggregate Reporting

    A critical step in understanding how to setup DMARC is configuring RUA endpoints. Our guide details the exact mailto: syntax needed to receive XML reports.

    Spoofing Prevention

    Discover how to setup DMARC to permanently block cybercriminals from forging your domain. Prevent phishing attacks by locking down your email identity globally.

    Inbox Deliverability

    Major providers like Google and Yahoo now mandate authentication. Properly understanding how to setup DMARC ensures your legitimate emails reliably land in the inbox.