All fix guides

How to add and enforce a DMARC record

Tell receiving servers what to do with mail that fails SPF/DKIM — and get reports.

What it is

DMARC is a DNS TXT record that ties SPF and DKIM together and sets a policy (none/quarantine/reject) for mail that fails.

Why it matters

Without an enforcing DMARC policy, spoofed emails using your domain still land in inboxes. DMARC at `p=reject` stops them.

How to fix it

  1. 1Publish a record at `_dmarc.yourdomain.com`, starting in monitor mode: `v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com`.
  2. 2Review the aggregate reports to confirm your legitimate mail passes SPF and DKIM.
  3. 3Tighten to `p=quarantine`, then `p=reject` once clean.
  4. 4Make sure DKIM signing is enabled at your mail provider so forwarded mail still authenticates.
  5. 5Re-scan to confirm DMARC is enforcing.

Not sure if your site is affected?

Run a free scan — or let us fix it all for you.

Privacy and cookie preferences

We use strictly necessary cookies to run the site. Analytics, marketing, and AI assistant telemetry are optional and disabled until you choose. You can update consent any time in Cookie Settings.

Some infrastructure cookies, such as load balancer routing cookies, are essential for service delivery. Details: Cookie Policy