🛡️ How to Set Up DMARC in 5 Minutes
Generate, add, and test a DMARC record for your domain. Step-by-step guide for 2026 — works with Cloudflare, Route 53, Namecheap, GoDaddy, and any DNS provider.
What Is DMARC and Why You Need It
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email security protocol that prevents spoofing of your domain. It tells receiving mail servers what to do when an email claiming to be from your domain fails authentication, meaning neither SPF nor DKIM passes for your domain: quarantine it, reject it, or let it through.
Without DMARC, anyone can send emails pretending to be @yourcompany.com. With DMARC, you tell the world: "If an email claims to be from my domain but fails authentication, here's what to do with it."
📊 What DMARC Gives You
- ✅ Stops email spoofing — phishing emails pretending to be your domain get blocked
- ✅ Boosts deliverability — Gmail, Outlook, and Yahoo prioritize DMARC-authenticated domains
- ✅ Visibility — DMARC reports show who is sending email on your behalf
- ✅ Brand protection — prevents scammers from damaging your reputation
- ✅ Required for BIMI — want your logo in Gmail's inbox? You need DMARC at p=quarantine or p=reject
⏱️ Step 1: Generate Your DMARC Record (30 seconds)
The quickest way is to use our free DMARC generator. It creates a properly formatted record with the right syntax — no DNS RFC memorization needed.
The generator lets you configure:
- Policy (p=): none (monitor only, safe start), quarantine (send to spam), or reject (block completely)
- Subdomain policy (sp=): same options for subdomains
- Percentage (pct=): roll out gradually — start at 5-20% if you're cautious
- Aggregate reports (rua=): where daily XML reports are sent
- Forensic reports (ruf=): real-time failure notifications
For beginners, use this minimal record to start:
v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; pct=100
This monitors without blocking. Once you're confident (1-2 weeks), increase to p=quarantine or p=reject.
📡 Step 2: Add the DMARC Record to DNS (2 minutes)
The DMARC record is a TXT record at _dmarc.yourdomain.com. Here's how to add it on every major DNS provider:
☁️ Cloudflare
- Log into Cloudflare dashboard → select your domain
- Go to DNS → Records → Add Record
- Type: TXT
- Name: _dmarc
- Value: Paste your DMARC record (e.g., v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com)
- TTL: Auto (or 300 seconds for faster propagation)
- Click Save
💡 Cloudflare auto-expands _dmarc to _dmarc.yourdomain.com — no need to type the full hostname.
🐧 AWS Route 53
- AWS Console → Route 53 → Hosted Zones → select your domain
- Click Create Record
- Record name: _dmarc
- Record type: TXT
- Value: Enclose your DMARC record in double quotes: "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"
- TTL: 300
- Click Create records
⚠️ Route 53 requires the value to be quoted. The generator format works as-is.
🌐 Namecheap / GoDaddy / Generic DNS
- DNS management → Add Record
- Type: TXT
- Host/Name: _dmarc
- Value/Text: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
- TTL: 300-3600
- Save
🔍 Step 3: Verify Your DMARC Record Is Working (30 seconds)
After adding the record, wait 30-60 seconds for propagation, then verify it's live. There are three ways to check:
Option A: Use our DNS checker
Go to korpo.pro/dns, enter your domain, and look for a TXT record at _dmarc.yourdomain.com. You'll see your DMARC policy value in the results.
Option B: Command line
dig TXT _dmarc.yourdomain.com +short
You should see your DMARC record returned. If empty, wait another minute and retry.
Option C: Online DMARC checker
Several sites offer free DMARC validation. But the quickest way is the dig command above — no third-party site needed.
📈 Step 4: Read Your DMARC Reports (ongoing)
If you included an rua= tag with an email address, you'll start receiving DMARC aggregate reports daily. These are XML files showing:
- Who sent email from your domain (IP addresses)
- How many emails passed or failed SPF/DKIM
- Which receiving servers accepted or rejected your mail
The XML is hard to read raw. Use our free DMARC Report Parser to turn those XML files into readable dashboards with pass/fail rates, source IPs, and hostnames.
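To see what those reports contain, here is a small summarizer for one aggregate report, added as an example and not taken from the parser tool mentioned above. The sample report is constructed, and the code assumes the file is already decompressed and uses the RFC 7489 element names without an XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report (RFC 7489 layout); IPs are documentation ranges.
SAMPLE_REPORT = b"""<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>yourdomain.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>yourdomain.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.77</source_ip><count>8</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>yourdomain.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.5</source_ip><count>15</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>yourdomain.com</header_from></identifiers>
  </record>
</feedback>"""

def summarize(xml_bytes):
    """Per source IP: messages seen and how many failed DMARC outright."""
    # Reports come from outside parties: refuse DTDs and entity declarations.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in report; refusing to parse")
    root = ET.fromstring(xml_bytes)
    stats = defaultdict(lambda: {"total": 0, "dmarc_fail": 0})
    for record in root.iter("record"):
        row = record.find("row")
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        dkim = row.findtext("policy_evaluated/dkim")
        spf = row.findtext("policy_evaluated/spf")
        stats[ip]["total"] += count
        # DMARC fails only when neither aligned result is "pass".
        if dkim != "pass" and spf != "pass":
            stats[ip]["dmarc_fail"] += count
    return dict(stats)

def unauthenticated_sources(xml_bytes):
    """Source IPs that sent at least one message failing both checks."""
    return sorted(ip for ip, s in summarize(xml_bytes).items() if s["dmarc_fail"])
```

An IP listed by unauthenticated_sources is either a legitimate sender you have not yet covered with SPF or DKIM, or someone spoofing the domain; resolve each one before moving past p=none.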
🎯 The DMARC Policy Progression
- p=none: Monitor only. Gather data. No emails blocked.
- p=quarantine; pct=25: 25% of failures go to spam. Gradually increase.
- p=reject; pct=100: All failures rejected. Full protection.
🚨 Common DMARC Setup Mistakes (and How to Fix Them)
Fix: Delete all but one. DMARC spec requires exactly one record per domain.
Fix: DMARC requires at least one of SPF or DKIM to pass. Set up both for best results — see our complete guide →
Fix: Start with p=none for monitoring, then progress gradually. Rejecting immediately can break legitimate email (third-party senders, CRM, etc.).
Fix: The record goes at _dmarc, NOT dmarc or @. The full hostname is _dmarc.yourdomain.com.
Fix: Add rua=mailto:dmarc@yourdomain.com. Without it, you're flying blind — you won't know if spoofing is happening.
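The fixes above can be checked mechanically against the TXT answers returned for _dmarc.yourdomain.com. The linter below is an added example, not the generator or checker this page links to; the function names and sample answers are constructed for illustration.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_tags(record):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        if part.strip():
            tag, _, value = part.partition("=")
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def lint_dmarc(txt_answers):
    """Return a list of problems in the TXT answers for _dmarc.<domain>."""
    # `dig +short` wraps each TXT answer in double quotes; strip them.
    records = [a.strip().strip('"') for a in txt_answers]
    dmarc = [r for r in records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record found (the name must be _dmarc, not dmarc or @)"]
    if len(dmarc) > 1:
        return [f"{len(dmarc)} DMARC records found; delete all but one"]
    pairs = parse_tags(dmarc[0])
    tags = dict(pairs)
    problems = []
    if pairs[0] != ("v", "DMARC1"):
        problems.append("record must start with exactly v=DMARC1")
    for name in ("p", "sp"):  # p= is mandatory, sp= only checked when present
        if (name == "p" or name in tags) and tags.get(name, "").lower() not in VALID_POLICIES:
            problems.append(f"{name}= must be none, quarantine or reject")
    pct = tags.get("pct")
    if pct is not None and not (pct.isdecimal() and 0 <= int(pct) <= 100):
        problems.append("pct= must be a whole number from 0 to 100")
    if not tags.get("rua"):
        problems.append("no rua= address, so no aggregate reports will arrive")
    for name in ("rua", "ruf"):
        for uri in filter(None, (u.strip() for u in tags.get(name, "").split(","))):
            if not uri.lower().startswith("mailto:"):
                problems.append(f"{name}= address {uri!r} is missing the mailto: prefix")
    return problems

# Constructed answers, shaped like `dig TXT _dmarc.yourdomain.com +short` output.
GOOD = ['"v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; pct=100"']
BAD = ['"v=DMARC1; p=quarentine; pct=150; rua=dmarc@yourdomain.com"']

if __name__ == "__main__":
    for answers in (GOOD, BAD, GOOD + ['"v=DMARC1; p=reject"'], []):
        print(answers, "->", lint_dmarc(answers) or "ok")
```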