How to setup DMARC authentication

DMARC authentication is a protection mechanism that enhances security, protects against fraud and phishing attempts, and guarantees the legitimacy of email messages. DMARC policy complements SPF and DKIM by providing an authentication policy for the domain. It helps define actions to be taken for emails that fail SPF and/or DKIM checks, such as quarantining or rejecting them. What's more, DMARC gives you detailed reports so you can detect if there have been any attempts to impersonate your domain. Learn more about email authentication >

DMARC policy explained

How to create a DMARC record

Before you start

Important: there are several possible options and variations for creating a DMARC record, depending on the degree of control you wish to have over messages that fail DMARC validation, the actions you wish others to take if this is the case, and whether or not you wish to receive DMARC reports. Consult an expert or your hosting provider to make the right decisions for your organization and your email usage.

How to do it

To create a DMARC record, you need to add a TXT (text) format record in your DNS. Here's an example: 

Type: TXT
Value: v=DMARC1; p=none;;

Replace "" in the text above with the domain of your website and enter a valid email address in the "rua=" tag.

Meaning of the tags

Good to know

There are various tools on the web to guide you through generating your DMARC record, as well as helping you interpret DMARC reports, such as  EasyDMARC and Dmarcian. Gmail also offers a tutorial and several informative, easy-to-read help articles on DMARC implementation.

Verify your DMARC record

Once your DMARC record is in place (please note it may take some time before the record is visible and available everywhere), you can validate if the format is correct by using an online tool.

Here are a few examples: