All fix guides
How to add and enforce a DMARC record
Tell receiving servers what to do with mail that fails SPF/DKIM — and get reports.
What it is
DMARC is a DNS TXT record that ties SPF and DKIM together and sets a policy (none/quarantine/reject) for mail that fails.
Why it matters
Without an enforcing DMARC policy, spoofed emails using your domain still land in inboxes. DMARC at `p=reject` stops them.
How to fix it
- 1Publish a record at `_dmarc.yourdomain.com`, starting in monitor mode: `v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com`.
- 2Review the aggregate reports to confirm your legitimate mail passes SPF and DKIM.
- 3Tighten to `p=quarantine`, then `p=reject` once clean.
- 4Make sure DKIM signing is enabled at your mail provider so forwarded mail still authenticates.
- 5Re-scan to confirm DMARC is enforcing.
Not sure if your site is affected?
Run a free scan — or let us fix it all for you.