how-to-create-a-dmarc-record-to-protect-your-domain

What Is a DMARC Record + How to Add One to Your DNS [Easy]

Do you want to create a DMARC record?

A DMARC record provides important instructions for how messages failing email authentication should be handled by mailing servers.

In this article, we’ll explain what a DMARC record is with examples, and show you how to add a DMARC record to your DNS.

To navigate this post faster, you can use the quick links below to jump to a specific section:

Fix Your WordPress Emails Now

What Is a DMARC Record?

A DMARC record is a TXT record that contains instructions for how an email server should handle an email that fails authentication. Using DMARC records, you can control if email receivers should reject, quarantine, or do nothing with a suspicious email.

It’s important to create DMARC record because it helps servers distinguish legitimate emails from fake ones. As a result, it minimizes cyber threats like phishing, email spoofing, and CEO fraud. This is why we strongly recommend creating a DMARC record to ensure better email security.

Email providers like Google and Yahoo now look for a DMARC record as part of anti-spam checks. If you don’t have one, Gmail could block your emails.

DMARC Record Example

A typical DMARC record contains at least three important components (or tag-value pairs). Consider this sample DMARC record:

v=DMARC1; p=reject; rua=mailto:[email protected]

Here, we have three tags: v, p, and rua which have the values DMARC1, reject, and mailto:[email protected].

  • The v tag specifies the version of DMARC
  • The p tag is the policy (or the action to perform if email fails DMARC checks)
  • The rua tag is the email address where DMARC reports will be sent. This could be your hosting company’s email address, your registrar’s email address, or your own.

Here’s what the 3 possible DMARC policies do:

  • None: No action is taken for messages failing DMARC, but reports will still be sent to the email address you specify so you can monitor what’s happening with your emails. You may get a ‘DMARC policy not enabled’ notice if the policy is set to none.
  • Quarantine: Messages failing DMARC checks will be sent to the recipient’s junk mail folder.
  • Reject: Messages failing authentication will be completely rejected, never reaching your recipient at all. In other words, the policy defined here is to reject a message when a message fails authentication and bypass the junk mail completely.

There are various other optional tags that you can use like pct and ruf. However, for simplicity’s sake, we won’t include these in our examples. You can still set up your DMARC record with just 3 essential tags: v, b, and rua.

If you’re using WP Mail SMTP to handle your WordPress emails, it’ll tell you if DMARC isn’t set up correctly on your domain. You might also see an error like ‘No DMARC Record Found’.

The steps below will help you to resolve the issue and build DMARC record just the way it’s supposed to be.

How to Create a DMARC Record

Let’s step through the process of how to set up DMARC on your domain. We’re going to copy a generic record that will work with any host.

Check Your DNS With a DMARC Analyzer

If you’re not sure whether you have a DMARC txt record set up on your site, you can use a DMARC checker like MXToolbox to scan your DNS records.

Type your domain name into the field and click DMARC Lookup.

DMARC lookup

If you don’t have DMARC set up, the DMARC analyzer will show a failure message.

DMARC record check failure message

If you’re using WP Mail SMTP, you can also check if DMARC is working by sending a test email. In the WordPress dashboard, click WP Mail SMTP, then Settings, and then the Email Test tab.

Test DNS for email in WordPress

Send a test email using the form on the Email Test page.

Send email test in WP Mail SMTP

After sending the email, scroll down and check to see if there’s a warning message.

Deliverability should be improved warning message

Scroll down a little further. Do you see a warning that says It doesn’t look like DMARC is set up for your domain?

WP Mail SMTP DMARC warning

This means that:

  • You don’t have a DMARC record in your DNS zone
  • Your DMARC record has been implemented, but it hasn’t propagated yet
  • The DMARC record is not be formatted correctly.

Let’s log in and add that DMARC record next.

Edit Your Domain’s DNS Records

Now we’re going to edit the DNS for your domain and add a DMARC record.

DNS is a set of instructions that tell servers where to find your site content, email mailbox, and more. To edit your DNS, you (or the domain owner) need to log in to the provider handling the DNS zone for your domain.

If you’re not sure where it is, you can try:

  • Your web hosting control panel: If you purchased your domain and hosting as a package, your DNS is probably handled by your web hosting company. You’ll want to log into your hosting control panel and look for a menu called DNS or DNS Zone.
  • Your DNS registrar: If you purchased your domain by itself, the DNS is probably managed by the company you bought it from.
  • Your CDN provider: If you’re using a CDN like Cloudflare, your DNS records will be hosted within the CDN settings.

In this example, we’ll show you how to create a DMARC record manually in Cloudflare.

Open DNS in Cloudflare

The DMARC configuration steps are very similar for other domain registrars or hosts, including:

When you open up your DNS, double-check that you don’t already have any DMARC records set up.

You can’t have more than 1 DMARC record in your DNS. But don’t worry: our example record will cover all of the subdomains under your domain, and all of the email addresses you send mail from.

Assuming you don’t, let’s move on and add a DMARC TXT record.

Create Your New DMARC TXT Record

We’ve got 2 different methods to share in this section: copying and pasting a DMARC record, which works with any host, or generating a record in Cloudflare.

Option 1: Copy and Paste Our DMARC Record (Any Host)

It’s easy to add a DMARC record manually using our example. There’s no need to use a DMARC generator.

On your registrar’s DNS record screen, click Add record to create a DMARC record. We’ll use Cloudflare in this example.

Add a DMARC record in Cloudflare

A DMARC record is a TXT record starting with _dmarc. So in the Type dropdown, select TXT.

Create new TXT record for DMARC

In the Name field, type _dmarc. with the period (dot) at the end. Some hosts don’t need the period, so they’ll remove it or show an error. In that case, you can safely use _dmarc it without the period.

In the large field in the DNS record, paste in this DMARC record example.

v=DMARC1; p=none; fo=1; rua=mailto:[email protected]

This contains 4 sections; the 3 we already talked about plus one extra tag: fo. Here’s what the rule does:

  • We’re using p=none because it’s the least restrictive setting. You’ll still get email reports if there’s an issue with your DNS, but it’s unlikely to affect your own emails from being delivered. If you start to get suspicious DMARC reports, you could change this part of the rule to p=quarantine.
  • Be sure to change the rua=mailto: address. It should ideally be set to the email address that your mailer service provides in its documentation. If it doesn’t provide one, you can use an email address at your own domain.
  • If the authentication method (DKIM or SPF) is unaligned with your DMARC record, the fo=1 rule will generate forensic reports, which means you’ll get a report for every individual email. This makes the report XML files easier to interpret.

Some providers may ask for an alignment rule. It’s OK to exclude that since it’s not required for your DMARC text record to work.

So after pasting in the rule, here’s our finished DMARC record:

New DMARC record in Cloudflare

In basic terms, the TTL (Time to Live) setting is like an expiration date for your DNS. We recommend leaving the TTL setting on Auto, which is typically 4 hours. The setting isn’t crucial, so you can safely select 24 hours or 14400 if that’s the only option you have.

Save your new DMARC rule to add the new record to your DNS.

If you already had a DMARC rule in your DNS, check the formatting carefully. Pay attention to the Name field; if you use @ or your domain name in the Name field, it won’t work.

Option 2: Generate a DMARC Record (Cloudflare Only)

If you prefer, you can generate a DMARC record if you’re a Cloudflare user. Cloudflare has DNS record generators for SPF, DKIM, and DMARC.

In this section, we’ll focus on generating a DMARC record in your account. This generates a record just like the one in the previous section, but you might prefer to use this method if you’re not comfortable editing your DNS records directly.

To start, click on DNS on the left-hand side of your Cloudflare dashboard.

Cloudflare DNS settings

On the DNS page, scroll all the way down until you see Email Security. Click the blue Configure button to continue.

Configure Cloudflare Email Security

Next, you’ll see options to generate a DKIM, SPF, or DMARC record. Go ahead and click on Create Record in the DMARC section.

Create DMARC record in Cloudflare

Now you can set up your DMARC record in the same way that we created one manually. Cloudflare provides a simple interface for you to set up the record.

This is essentially a DMARC generator, and it does exactly the same thing as our ‘manual’ rule. You can set:

  • Reporting Email Addresses, which are the email addresses that’ll receive DMARC reports
  • The specific Policy you want to use – None, Quarantine, or Reject
  • The Percentage of emails you want to filter – you can leave this on 100% unless you have a reason to change it.

Generate DMARC record in Cloudflare

When you’re happy with the finished DMARC record, click Submit.

Apply DMARC record in Cloudflare

Wait For Your DMARC Record to Propagate

Whenever you make changes to your site’s DNS, you’ll need to wait up to 48 hours for the changes to take effect. If you’re using Cloudflare, you’ll usually find that the changes take place within a few minutes.

When the change has propagated, go back to a web-based DMARC checker like MXToolbox. Check again using its DMARC tool.

Your DMARC rule should show up in a green bar so that you know it’s working.

DMARC rule success in MXToolbox

You can also use WP Mail SMTP to send another test email from WordPress. This will automatically run a fresh check on your DNS and look for your DMARC record configuration.

If you added everything correctly, you’ll now see a pass message like this:

Created DMARC record in WP Mail SMTP

And that’s it! You’ve now successfully added a DMARC record to your DNS.

Checking DMARC in Postmaster Tools

If your site sends a lot of email, it’s worth setting up Google Postmaster Tools. It allows you to to keep an eye on your Authenticated traffic:

Postmaster Tools authentication

This report shows you how many emails passed DMARC, SPF, and SKIM checks. Keep in mind that Postmaster Tools only reports on emails that Google handles. But since most of us send to Gmail addresses, it’s worth using Postmaster Tools to keep an eye on your email deliverability, domain reputation, and spam complaint rate.

Fix Your WordPress Emails Now

Frequently Asked Questions About DMARC TXT Records

Now you know how to create a DMARC record, let’s look at some other important questions.

Let’s start looking at the answers to these DMARC questions.

What Does DMARC Stand For?

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance.

How Does DMARC Work?

The DMARC protocol checks the SPF and DKIM records for your domain. If the email server can’t find any SPF or DKIM records, it looks at DMARC to figure out what to do with the outbound mail.

Based on the content of the DMARC record, the server might:

  • Quarantine your emails
  • Send them to the junk or spam folder
  • Reject them altogether.

That’s why it’s best to set up DKIM, SPF, and DMARC together. That way, the email server can easily separate emails from a legitimate sender from any spam messages that are sent using your domain.

DMARC has other functions too. For example, it generates technical reports about the actions it’s taken. You might receive these reports if you use your email address in the DMARC rule.

In most cases, you don’t need to worry about DMARC reports unless you have other issues with spam or email deliverability.

Are DMARC Records Required?

No, DMARC records are not required for you to send emails. However, it’s strongly recommended that you add DMARC records to your DNS. This is because DMARC records protect you and your users from dangerous activities like phishing and unauthorized use of your email domain.

Who Can Use DMARC Records?

Anyone who owns a domain name can use DMARC to verify that the emails they send are genuine. There is no charge to use it.

Some third-party providers will say that it isn’t worth using DMARC on a small site. But we always recommend that you set up DMARC anyway because it can help to stop WordPress emails from going to spam.

Where Are DMARC Records Stored?

DMARC records are stored in your DNS in the form of a TXT record. Your DNS also stores SPF and DKIM records. Together, these DNS records protect you from email domain spoofing and instruct mailing servers what to do if an unauthenticated email is detected from your domain.

How Many DMARC Records Can I Have?

You can have only one DMARC record for one domain or subdomain. If you have multiple DMARC records at the same domain level, it can confuse mailing servers. This typically means that your DMARC records won’t be able to enforce any rules and policies that you may have defined for handling unauthenticated emails.

Do I Need to Create a DMARC Record?

You may need to set up a DMARC record to verify your domain, but it will depend on your mailer service setup process. None of the mailers compatible with WP Mail SMTP require DMARC records.

As a general guide, you don’t need a DMARC record if you’re sending emails from a domain you don’t control, like a Gmail email address.

Can You Create a DMARC Record Without DKIM?

Yes, you can. But we recommend that you set up DMARC, DKIM, and SPF records if your email provider requires them. Not all do, so you’ll want to check the setup steps in their documentation.

Why Did My DMARC Record Check Fail?

If you’ve added your DMARC record and it still isn’t showing up, it may not have propagated. You might see the message ‘no DMARC record found’.

It’s best to wait for 24 hours for a DNS change to propagate before contacting support.

Do I Need to Use a DMARC Record Generator?

No. In most cases, our DNS example will work on your domain. Just be sure to change the email address in our rule before saving it.

If your provider gives different instructions, it’s best to use their DMARC record instead of our example.

How Do I Read a DMARC Report?

The easiest way to read a DMARC report is to use an online tool like this DMARC XML Report Analyzer. This makes the file easier to read so you don’t have to look through the raw HTML to find out what’s going on with your emails.

What Do Aggregate and Forensic Mean?

With DMARC, an aggregate report is a report combining a bunch of failed emails in one file. A forensic report is more detailed and will tell you about individual emails with their status.

In simple terms, an aggregate is more like a digest email. Forensic reports are sent each time your DMARC record catches an email.

We suggest using forensic reports (fo=1) because aggregate reports can be very long, which makes them harder to read.

Should I Add a PTR Record?

You definitely need a PTR record, but it’s unlikely that you’ll need to create this yourself. For more information, check out our article: What Is a DNS PTR Record (and Do I Need One?). It explains what a PTR does and how you can add one to your DNS.

What Happens If There Is No DMARC Record?

While you can still send emails without a DMARC record, it increases the risk of spoofing crimes. Bad actors on the web can spoof your branded email address to run fraudulent schemes against your customers. A DMARC record offers protection against these kinds of threats.

This is why it’s strongly recommended to add a DMARC record for your domain.

Fix Your WordPress Emails Now

Next, Fix WordPress Emails Going to Spam

Are emails from your WordPress site going to spam? If you have an online store, email delivery issues can be a huge problem for customers who are waiting for order confirmation or despatch emails.

To solve this problem, check out our tutorial on why your WordPress emails are going to spam (and how to fix it).

Ready to fix your emails? Get started today with the best WordPress SMTP plugin. If you don’t have the time to fix your emails, you can get full White Glove Setup assistance as an extra purchase, and there’s a 14-day money-back guarantee for all paid plans.

If this article helped you out, please follow us on Facebook and Twitter for more WordPress tips and tutorials.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPForms is funded, why it matters, and how you can support us.

Claire Broadley

Claire is the Content Manager for the WP Mail SMTP team. She has 13+ years' experience writing about WordPress and web hosting. Learn More

Try our Free WP Mail SMTP plugin

Use your favorite SMTP provider to reliably send your WordPress emails.

Please enable JavaScript in your browser to complete this form.

63 comments on “What Is a DMARC Record + How to Add One to Your DNS [Easy]

  1. This does not work. I set up the DMARC record exactly as you showed here and the system doesn’t seem to pick it up. What can I do? I was not able to contact your support.

  2. Why do you have the policy set to ‘none’ ? According to MXToolbox a policy set to ‘none’ means the DMARC record for this domain is not currently protected against phishing and spoofing threats.
    If that is accurate, doesn’t that defeat the purpose of adding a DMARC record in the first place?
    Thank you in advance for your response.
    -SL

    1. Hey Scott,

      Great question! We recommend that the policy be set to ‘none’, or `p=none` because it is the least restrictive DMARC policy that ensures emails are delivered. With this policy, you will get sending reports if something is misconfigured or if someone else is sending emails with your domain (spoofing).

      With the other policy options, `p=quarantine` or `p=reject`, your own emails may be sent to spam or rejected if there is any misconfiguration.

      Using `p=none` allows you to check that the settings are correct. And if you start to get suspicious DMARC reports, you could change this part of the rule to p=quarantine.

      Hope this helps clarify!

  3. This guide worked for my active domains, but would my dormant UNparked domain be safer with a DMARC record?

    The nameservers are set to the Registrar’s basic DNS, but the domain had no site, so no server response.

    I’m guessing I have to host the domain on a server BEFORE I can actually add a DMARC record?

    I’d prefer to leave the domain “moth-balled” but do wnat to preserve its interity, so what do you advise?

    1. Hi Cmjc

      We’d recommend setting up a DMARC record for all domains, even if you aren’t using them at the moment. If you’ve get basic DNS set up, you can add the DMARC example in the article.

      The purpose of the DMARC record is primarily to send reports to you (or the email provider) if the domain is misused for spamming. You’d still want to know about that, even if your domain is technically dormant.

      If you have any trouble with using DMARC on your site once it’s set up, please drop our support team an email so they can assist.

      If you have a WP Mail SMTP license, you have access to our email support, so please submit a support ticket.

      Otherwise, we provide limited complimentary support in the WP Mail SMTP WordPress.org support forum.

      Thanks 🙂

      1. I am getting WP SMTP DMARC warnings on my test emails, but the email address being used is on a subdomain of the main domain and the main domain has a DMARC record. Can i safely ignore the WP SMTP Mail warings in this case?

      2. Hi David,

        If you have set up your mailer on a subdomain, you can also add a DMARC record on that subdomain as well.

        Thanks!

  4. How does this effect someone who is using WPMailSmpt to receive emails from WP contact forms but using Microsoft Exchange for their [email protected] ? We are using sendinblue as our mailer for wp contact forms, and exchange for actual emails.

    1. Hi Noral

      If you’re using Sendinblue to send email from your contact forms, we recommend that you verify the domain you’re sending email from in your Sendinblue account. For more help with this, you can read our Sendinblue documentation.

      You don’t need to set anything up on the Outlook side since that’s the recipient rather than the sender.

      If you have any trouble with your Sendinblue settings in WP Mail SMTP, please drop our support team an email so they can assist. If you have a WP Mail SMTP license, you have access to our email support, so please submit a support ticket.

      Otherwise, we provide limited complimentary support in the WP Mail SMTP WordPress.org support forum.

      Thanks 🙂

    1. Hello Bob

      Yes, if you’re using a From Address with your own domain name ([email protected]), you need to add a DMARC record in your DNS zone for that domain. Google’s documentation is quite technical, but the example we provided here should work fine.

      You don’t need to add a DMARC record if the From Address is on a domain that Google controls ([email protected])

      I hope this helps 🙂

  5. Worked like a charm! within just 2 minutes after adding the record it worked and propagated very fast with SiteGround Hosting where I can manage the DNS of my domain(s). But it was work without it earlier (why it’s required now?)

    Thank you so much for the great help.

    1. Hi Waleed,

      That’s great to hear, and thank you for letting us know!

      As for why it may be needed now on your site, it’s hard to say the exact cause. Any number of variables could impact email deliverability. This is often to protect users from spam emails from arriving in their inboxes.

      With the many causes of emails not sending properly, WP Mail SMTP can help improve email deliverability.

      In case you do ever run into any issues regarding WP Mail SMTP, please feel welcome to reach out to us.

      If you have a WP Mail SMTP license, you have access to our email support, so please submit a support ticket.

      Otherwise, we provide limited complimentary support in the WP Mail SMTP Lite WordPress.org support forum.

      Thanks 🙂

    1. Hi Lucas,

      Setting up DMARC should not affect your emails. DMARC can be used to receive emails to notify you of unwanted email activity from your domain, while not affecting the other SMTP records.

      However, in case you already have SMTP set up, using more than one SMTP setup on your domain can cause a conflict. If you are only seeking to add DMARC to your current SMTP setup, you could skip ahead to the Copy and Paste Our DMARC Example section to specifically add DMARC.

      I hope this helps!

      Thank you 🙂

  6. We have multiple employees along with order email notifications sent to customers from our website. Do we have to create records for each individual email address?

    1. Hi Bill,

      Great question! You will not need to create multiple DMARC records for each individual email address. If you want to, you can set the email address receiving the DMARC report to forward the emails to the appropriate email addresses.

      However, if you’d like to, you can add multiple email addresses to your DMARC record, as there is no limit to reporting addresses. The DMARC record would need to have each email address separated by commas with no spaces.

      I hope this helps!

      Thank you 🙂

  7. Hello, first of all thanks for your help and your plugin, before I could not send any email to my clients but now I can. The problem is that the email is marked as spam, is there a solution or do I need to tell my clients that they should check their spam mailbox? I have tried all the tips you have given but nothing seems to work. Is “Enabling less secure applications” only if I am going to send emails with those servers right or do I need to do that anyway despite working with an email from my own domain?

    1. Hi Andy,

      I’m glad to hear that WP Mail SMTP has helped your site to start sending emails. In this case, since your emails are still ending up in the spam inbox, it sounds like WP Mail SMTP may not yet be fully configured.

      It may be helpful to look at our complete guide to mailers, find the mailer you are setting up, and following the mailer’s guide.

      If you have already followed the guide to set up the mailer you have selected, you can check the error details in your website’s dashboard under WP Mail SMTP > Tools, and sending a test email to yourself. From there, you should be able to see if there are any issues with your current configuration.

      If you need some extra guidance with this and you have a WP Mail SMTP license, you have access to our email support, so please submit a support ticket.

      Otherwise, we provide limited complimentary support in the WP Mail SMTP Lite WordPress.org support forum.

      I hope this helps!

      Thank you 🙂

  8. Dreamhost’s interface doesn’t look like this.
    When trying to add a TXT record, there’s no “Name” field and “Content” field. It’s just TXT Value. What do I put in there?

    1. Hi Peter,

      In Dreamhost, once that TXT record shows up as you have described, you will have to click the “ADD” option. From there, you will find the Host (Name) and TXT Value (Content) fields. You can follow Dreamhost’s full guide for creating a DMARC policy.

      If you still encounter difficulties with this, please also feel free to reach out to Dreamhost and they should be able to help you get the DMARC record added.

      Thanks! 🙂

  9. I set up the DMARC record but now I am receiving emails from Google, each containing an xml file. I have figured out that it is asking me to set up SPF and DKIM records as well. I would like to stop Google from sending me the reports. My domain has nothing to do with Google, and I am not sending mail from there. Why am I getting these reports? What’s the simplest way to stop them?

  10. Hi this is a good tutorial however I can’t make sense of what email to put in when it says

    “It should ideally be set to the email address that your mailer service provides in its documentation. ”

    I am using zoho to send emails for my domain emails. Is there an email I need to find from zoho or do I need to create this rule for every individual email I have linked to my domain through zoho if that makes sense?

    1. Hi Adam,

      Usually, it’s okay to look to the next sentence, as many mailer services do not provide a specific email to use. According to Zoho’s documentation, it is best to use an email where you would be able to check the emails such as [email protected] (and you can change yourdomain.com to your website).

      Please note that any email address you use will receive DMARC reports.

      I hope this helps!

      1. Hi thanks for your reply I’m just finally getting round to dealing with this issue now, is there a chance that setting up a DMARC record could effect 3rd party email auto responders I;m using such as get response in a negative way?

        Also what do you mean by using an email you use that you would be able to check the emails?

      2. Hi Adam,

        You need to set up any third-party mailers or Autoresponders on your domain (Eg: Mailgun, Mailchimp) with the correct SPF, DKIM, and DMARC records. Please refer to our detailed guide here.

        When you set up a DMARC record as mentioned in this article, you need to add an email address where you can access it. That way, you can check the DMARC reports coming into that email address.

        Thanks!

  11. we have other SMTP and a email on our website so everything is properly configured
    [email protected]

    I have tried everything here but contacts still have emails going to spam,
    my tests do not go to spam, gmail, outlook but some people still get them

    the dmarc and the check gives a nice green OK on blacklist checker and DNS checker worked fine two times everything looks good
    one time it told me DMARC Policy Not Enabled but it does not give this message always should I change p=quarantine ?

    DMARC Record Published DMARC Record found
    DMARC Syntax Check The record is valid
    DMARC External Validation All external domains in your DMARC record are giving permission to send them DMARC reports.
    DMARC Multiple Records Multiple DMARC records corrected to a single record

    1. Hi Juan,

      DMARC will not have any impact on whether your emails end up being marked as spam or not. Setting up DMARC will send you reports to better help you protect your company’s email domain from being used for email spoofing, phishing scams, and other cybercrimes. However, it sounds like you may be running into a hosting, SPF, or DKIM record issue.

      “Other SMTP” is the least recommended of mailers due to the number of troubles a user can run into in their hosting setup. If you do not have a license, the next best option would be to share the full error details in the WP Mail SMTP support forum where we provide limited complimentary support to all free version users.

      To get the full error details, you can send a test email from WP Mail SMTP > Tools. Here’s a screenshot for the option to get a full error log. Then you can go ahead and share those details in the support forum mentioned above. This will give the team there an idea of what might be going on.

      If you need some extra guidance with this and you have a WP Mail SMTP license, you have access to our email support, so please submit a support ticket.

      Thanks! 🙂

  12. Buenas tardes, configure la opcion de remitente OTRO SMTP, despues de enviar correo de prueba el SPF ok bien, pero en DMARC me aparece esto:

    “DMARC
    Action Recommended: It doesn’t look like DMARC has been set up on your domain (dominio.com). We recommend using the DMARC protocol because it helps protect your domain from unauthorized use. Please check out our step by step guide for details on how to add this record to your domain’s DNS.”

    dominio. com esta remplazando mi dominio original (solo para es mensaje).

    Aclaro que los correos, si llegan un poco demorado (entre 1 a 5 minutos). asi lo tengo regristado en hosting de DreamHost-

    Registros DNS para el correo con el protocolo _DMARC en TXT
    V=DMARC1; p=quarentine; fo=1; rua=mailto:[email protected]

    Que hago para que em mensaje de prueba queda en verde ok para el protocolo DMARC?

    1. Hi Jose,

      Setting up a DMARC record is not mandatory, but it’s good to have on your domain.

      Could you please use a tool like this to verify whether you have created your DMARC record correctly?

      Then, you need to get in touch with your hosting support and ask them to adjust it for you.

      Thanks!

  13. we need some clarity on how subdomains inherit dmarc from root domains, and if setup is required for subdomains, since there is inheritance. many of us are using mailgun to deliver via subdomain ie mg.maindomain.com

    1. Hi Tim,

      By default, the DMARC policy set for an organizational domain will apply to any subdomain unless a DMARC record has been published for a specific subdomain. But domain owners may implement separate policies for all subdomains with the “sp” tag (for subdomain policy).

      Suppose the organizational domain has a DMARC record with a policy (p tag) but no subdomain policy (sp tag). In that case, while the subdomain doesn’t have a DMARC record, the subdomain inherits the organizational domain’s “p” policy.

      Thanks!

    1. Hi Simon,

      Great question! The “FO” tag pertains to how forensic reports are created and presented to DMARC users.

      For example,
      fo=0: Will generate a DMARC failure report if all underlying authentication mechanisms (SPF and DKIM) fail to produce an aligned “pass” result (Default).
      fo=1: Will generate a DMARC failure report if any underlying authentication mechanism (SPF or DKIM) produced something other than an aligned “pass” result.
      fo=d: Will generate a DKIM failure report if the message had a signature that failed evaluation, regardless of its alignment.
      fo=s: Will generate an SPF failure report if the message failed SPF evaluation, regardless of its alignment.

      I hope this helps. Thanks!

  14. IMPORTANT QUESTION! in cloudflare do you recommend disabling the proxy protection of MAIL and WEBMAIL? or is it no longer necessary when activating SPF DKIM and DMARC, is it necessary to have it activated when having SMTP? please help: v 😟😤😠

    1. Hi Frank,

      You will require SPF, DKIM, and DMARC records to improve your email deliverability (these are TXT records).

      By default, Cloudflare only supports proxied A, AAAA, and CNAME records. You cannot proxy other record types.

      I hope this helps. Thanks!

  15. You specify fo=1 when you manually create the record, but using the Cloudflare form you left that out. Why? Can I add it to the Cloudflare record?
    I would want to receive diagnostics if abuse was happening.

    1. Hi Jon,

      The DMARC “FO” (Failure Reporting) tag is optional.

      You can add it manually if you need that functionality.

      I hope this helps. Thanks!

  16. Buenas noches. Muy bueno tu articulo, hice todo lo recomendado y WordPress continua sin enviar los correos. En mi hosting me dicen que no hay problema, utilice un plugin para chequear que el email sea enviado y no me marca problemas. Pero no puedo registrar a nadie como administrador, editor, etc en ninguno de mis sitios webs porque nunca llega el mail de confirmación. Muchas gracias por compartir tu conocimiento con la comunidad. Saludos y feliz año!

    1. Hi Claudia,

      First of all, I apologize for the delayed response due to the holidays.

      Did you configure the WP Mail SMTP plugin using SMTP Constants? If so, make sure to move your constants above the following line of your wp-config.php file. Please refer to this screenshot.

      /* That's all, stop editing! Happy publishing. */

      If you’re not using SMTP constants, try configuring an alternative mailer and test your email deliverability.

      I hope this helps. Thanks!

    1. Hi Devidas,

      You need to set up your DMARC record within your email platform/ domain registrar, and there’s no way to set it within the PHP mailer or WP_Mail() function.

      Please keep in mind, that the DMARC record doesn’t affect email deliverability and is optional. DMARC (Domain-based Message Authentication Reporting and Conformance) is an email validation system designed to protect your company’s email domain from being used for email spoofing, phishing scams, and other cybercrimes.

      Thanks!

  17. Hi, I am receiving an overwhelming amount of emails from [email protected] which contain an XML report. How can I stop these email from being sent to me on a daily basis without affecting receiving emails from my website?

    1. Hi Chris,

      According to the DMARC policy you set on your domain, you will receive regular DMARC reports.

      Reviewing the information in the reports helps you understand what messages sent from your domain are passing Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) authentication, and DMARC authentication. DMARC reports tell you:

      – What servers or third-party senders are sending mail for your domain
      – What percent of messages from your domain pass DMARC
      – Which servers or services are sending messages that fail DMARC
      – What DMARC actions the receiving server takes on unauthenticated messages from your domain: none, quarantine, or reject.

      In case it helps, you can upload your reports to an online tool like this and analyze them. If you don’t want to receive any reports via email, you can adjust your DMARC policy.

      I hope this helps. Thanks!

  18. I’ve notice how you say to add multiple email addresses to the record, problem I’m now having is the text box is limited in size & doesn’t have enough characters to add enough addresses.
    Can I set two DMARC records or will this cause a conflict?

    1. Hi Greg,

      I apologize, but you can only have one DMARC record per domain or subdomain.

      If you have a character limitation within your DNS manager, please get in touch with their support, and they should be able to set up your DMARC record manually on their end.

      I hope this helps. Thanks!

    1. Hi Aty,

      Yes, you can set your preferred email address for the “rua” tag to receive forensic reports.

      I hope this helps. Thanks!

  19. I have followed your instructions on my domain site (Ecohosting) but keep getting an error message saying “Failure, Invalid domain specified.”
    Can you help?

    1. Hi Kelly,

      It looks like you’re experiencing an issue related to your hosting provider. Please get in touch with their support and they should be able to resolve it for you.

      Thanks!

  20. Ionos doesn’t even have the option for a fo (Failure options) tag, should I just use pct (Percentage of emails to be filtered) tag instead?

    [Link removed]

    1. Hi David,

      DMARC is an open standard for email authentication, so you should be able to use the common tags on your domain.

      According to the IONOS guide published recently here, you should be able to use the “fo” (failure reporting options) tag as well.

      I hope this helps. Thanks!

    1. Hi Jan,

      If you do not want to receive those email reports, you can set your DMARC policy to none (p=none). This policy tells email receivers to not take any action based on the DMARC evaluation. It allows you to monitor and gather DMARC reports without impacting the delivery of emails.

      Please keep in mind that implementing a “p=none” DMARC policy means that you are not explicitly instructing email receivers to reject or quarantine emails that fail DMARC alignment. It is important to carefully evaluate the impact of this policy on your email delivery and security before implementing it.

      I hope this helps. Thanks!

    1. Hi Olga,

      If your email provider does not support DMARC, it means you may not be able to fully implement DMARC for your email domain.

      In this situation, it is recommended to reach out to your email provider to inquire about alternative measures or solutions that can be implemented to enhance your email security. They may be able to provide specific recommendations or additional security features that can help mitigate risks and protect your email communications.

      I hope this helps. Thanks!

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.