Support article
Activate DMARC on your domain
Learn what DMARC is, why it protects your domain and how to create a basic TXT record in DNS.
Introduction
DMARC helps protect your domain against forged email. If you use addresses such as info@yourdomain.com, enabling it is an important step to reduce phishing, improve domain reputation and control who can send email on your behalf.
What DMARC is
DMARC means Domain-based Message Authentication, Reporting and Conformance. It is published in DNS as a TXT record and works together with SPF and DKIM.
When a receiving server gets a message that claims to come from your domain, it checks whether those validations pass. If they do not, DMARC tells the server what to do with that message.
Why you should enable it
DMARC can help you:
- Reduce domain spoofing attempts.
- Improve trust with receiving servers.
- Detect services that send email on behalf of your domain.
- Receive reports about domain usage.
- Move toward a stricter anti-forgery policy.
Before creating the record
Before enabling DMARC, make sure your domain has correct:
- SPF
- DKIM
- DNS records
- Legitimate sending services
If you enable a policy that is too strict without checking this first, some legitimate messages may fail delivery.
How to create a basic DMARC record
- Open the panel where you manage your domain DNS.
- Go to the DNS zone or record editor.
- Create a new TXT record.
- Use
_dmarcas the name. - Use a starting value such as:
v=DMARC1; p=none; rua=mailto:reports@yourdomain.com
- Replace
reports@yourdomain.comwith a real mailbox. - Save the change and wait for DNS propagation.
What each part means
| Tag | Meaning |
|---|---|
v=DMARC1 | Identifies the record as DMARC |
p=none | Monitor only, do not block |
rua=mailto:... | Address that receives aggregate reports |
Available DMARC policies
| Policy | Action |
|---|---|
p=none | Monitor only |
p=quarantine | Suggest moving failed mail to spam |
p=reject | Suggest rejecting failed mail |
Conclusion
DMARC is an important security layer for your domain email. Start with a monitoring policy, review the reports and tighten the configuration only when you are sure your legitimate senders are correctly aligned.