Do you need to know how to create a DMARC record to stop people from using your domain to send spam?
DMARC helps to prove that your emails are genuine and not sent by malicious users pretending to be you.
In this article, we’ll explain what DMARC is and how to check if it’s working on your website. We’ll also give you a simple DMARC record example that you can add to your site’s DNS records right away.
What Is a DMARC Record?
A DMARC record is one of the lines in your site’s DNS records. It’s designed to make it harder for a spammer to ‘spoof’ your domain, which means that they pretend to use your domain as the real sender.
DMARC really helps to make sure phishing emails and malware can’t be sent from your email address.
Here’s an example of the DMARC record for google.com. The green bar shows the actual DMARC record, and the table underneath explains what each part of the record means:
If you’re using WP Mail SMTP to handle your WordPress emails, it’ll tell you if DMARC isn’t set up correctly.
The steps below will help you to resolve the issue.
How to Create a DMARC Record to Protect Your Domain
Let’s step through the process of setting up a DMARC record on your domain.
- Check For an Existing DMARC Record
- Log In to Your DNS Control Panel
- Add Your DMARC Record
- Wait For Your Changes to Propagate
We’re going to start by checking your existing DNS.
Step 1: Check For an Existing DMARC Record
If you’re not sure whether you have DMARC set up on your site, you can use a DMARC checker like MXToolbox to scan your DNS records.
Type your domain name into the field and click DMARC Lookup.
If you don’t have DMARC set up, it’ll show a failure message.
If you’re using WP Mail SMTP, you can also check if DMARC is working by sending a test email.
In the WordPress dashboard, click WP Mail SMTP, then Settings, and then the Email Test tab.
Send a test email using the form on the Email Test page.
After sending the email, scroll down and check to see if there’s a warning message.
Scroll down a little further. Do you see a warning that says It doesn’t look like DMARC is set up for your domain?
This means that:
- You don’t have a DMARC record in your DNS yet, or
- The DMARC record might not be formatted correctly.
Let’s log in and add that DMARC record next.
Step 2: Log In to Your DNS Control Panel
In this step, we’re going to edit the DNS for your domain. DNS is a set of instructions that tell servers where to find your site content, email mailbox, and more.
First, you’ll want to log in to the provider handling your DNS. If you’re not sure where it is, you can try:
- Your web hosting control panel: If you purchased your domain and hosting as a package, your DNS is probably handled by your web hosting company. You’ll want to log into your hosting control panel and look for a menu called DNS or DNS Zone.
- Your domain registrar: If you purchased your domain by itself, the DNS is probably managed by the company you bought it from.
- Your CDN provider: If you’re using a CDN like Cloudflare, your DNS records will be hosted within the CDN settings.
In this example, we’ll show you how to add a DMARC record with Cloudflare. The steps are very similar for other hosts. If you can’t find your DNS settings, reach out to your host for help.
Step 3: Add Your DMARC Record
Now you’re logged in, you’ll want to open up the DNS settings for your domain.
In Cloudflare, be sure to select the correct domain at the top left.
Now click the DNS icon here to load your DNS records.
You should see a list of existing DNS rules here.
Before moving on, double-check that you don’t already have any DMARC records set up. A DMARC record is a TXT record starting with
Assuming you don’t, let’s move on and add a DMARC record.
At the top, click Add record to add a new record.
In the Type dropdown, select TXT.
In the Name field, type
_dmarc. with the period (dot) at the end. Some hosts don’t need the period, so they’ll remove it or show an error. In that case, you can safely use
_dmarc without the period.
In the large Content field underneath, paste in this DMARC record example. Be sure to change the email address in this example to your own email address.
v=DMARC1; p=none; fo=1; rua=mailto:[email protected]
This rule simply tells the server to send a report by email if SPF or DKIM fail.
mailto: address that you use here doesn’t have to match the From Email in WP Mail SMTP. It’s best to use the email address that your mailer service provides in its documentation.
You can’t have more than 1 DMARC record in your DNS. But don’t worry: this record will cover all of the subdomains under your domain, and all of the email addresses you send mail from.
Save your new DMARC rule to add the new record to your DNS.
If you already had a DMARC rule in your DNS, check the formatting carefully. Pay attention to the Name field; if you use
@ or your domain name in the Name field, it won’t work.
Step 4: Wait For Your Changes to Propagate
Whenever you make changes to your site’s DNS, you’ll need to wait up to 48 hours for the changes to take effect. If you’re using Cloudflare, you’ll usually find that the changes take place within a few minutes.
When the change has propagated, go back to MXToolbox and check again using its DMARC tool.
Your DMARC rule should show up in a green bar so that you know it’s working.
You can also use WP Mail SMTP to send another test email. This will run a fresh check for your DMARC record. If you added everything correctly, you’ll now see a pass message like this:
And that’s it! Now you added a DMARC record to your DNS to stop spammers spoofing your domain.
Frequently Asked Questions About DMARC
Now you know how to create a DMARC record, let’s look at some other important questions.
What Does DMARC Stand For?
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance.
How Does DMARC Work?
The DMARC protocol checks the SPF and DKIM records for your domain. If the email server can’t find any SPF or DKIM records, it looks at DMARC to figure out what to do with the emails.
Based on the content of the DMARC record, the server might:
- Quarantine your emails
- Send them to spam
- Reject them altogether.
That’s why it’s best to set up DKIM, SPF, and DMARC so the email server can easily separate real emails from spam.
DMARC has other functions too. For example, it generates technical reports about the actions it’s taken. You don’t need to worry about these reports unless you have other issues with spam or deliverability.
Who Can Use DMARC?
Anyone can use DMARC to verify that the emails they send are genuine. There is no charge to use it.
Some providers will say that it isn’t worth using DMARC on a small site. But we always recommend that you set up DMARC anyway because it helps to stop spammers using your domain.
Can You Set Up DMARC Without DKIM?
Yes, you can, although we recommend that you set up DMARC, SKIM, and SPF records if your email provider requires them. Not all do, so you’ll want to check their documentation.
Next Step: Fix WooCommerce Emails Going to Spam
Are emails from your WooCommerce store going to spam? If you have an online store, email delivery issues can be a huge problem for customers who are waiting for order confirmation or despatch emails.
Check out our tutorial on how to fix WooCommerce not sending email to fix it now.
Ready to fix your emails? Get started today with the best WordPress SMTP plugin. WP Mail SMTP Elite includes full White Glove Setup and offers a 14-day money-back guarantee.