how-to-create-a-dmarc-record-to-protect-your-domain

How to Create a DMARC Record [Copy & Paste]

Do you need to know how to create a DMARC record?

You can easily copy and paste our example into your DNS zone.

In this article, we’ll explain how to:

  1. Check your DNS with a DMARC analyzer
  2. Add a DMARC Record
  3. Copy and paste our DMARC example

Fix Your WordPress Emails Now

What Is a DMARC Record?

A DMARC record is a TXT record in your site’s DNS zone. DMARC makes it harder for a spammer to ‘spoof’ your domain, which means that they pretend to use your domain when they send spam.

So DMARC helps to make sure phishing emails and malware can’t be sent from your email address.

Here’s an example of the DMARC record for google.com from a DMARC analyzer. The green bar shows the actual DMARC record, and the table underneath explains what each part of the record means:

Example of a valid DMARC record

If you’re using WP Mail SMTP to handle your WordPress emails, it’ll tell you if DMARC isn’t set up correctly on your domain.

The steps below will help you to resolve the issue.

How to Add a DMARC Record

Let’s step through the process of setting up a DMARC record on your domain.

1. Check Your DNS With a DMARC Analyzer

If you’re not sure whether you have DMARC set up on your site, you can use a DMARC checker like MXToolbox to scan your DNS records.

Type your domain name into the field and clickΒ DMARC Lookup.

DMARC lookup

If you don’t have DMARC set up, the DMARC analyzer will show a failure message.

DMARC record check failure message

If you’re using WP Mail SMTP, you can also check if DMARC is working by sending a test email. In the WordPress dashboard, click WP Mail SMTP, then Settings, and then the Email Test tab.

Test DNS for email in WordPress

Send a test email using the form on the Email Test page.

Send email test in WP Mail SMTP

After sending the email, scroll down and check to see if there’s a warning message.

Deliverability should be improved warning message

Scroll down a little further. Do you see a warning that says It doesn’t look like DMARC is set up for your domain?

WP Mail SMTP DMARC warning

This means that:

  • You don’t have a DMARC record in your DNS zone
  • Your DMARC record hasn’t propagated yet
  • The DMARC record might not be formatted correctly.

Let’s log in and add that DMARC record next.

2. Add a DMARC Record Using Our Example

Now we’re going to edit the DNS for your domain and add a DMARC record.

DNS is a set of instructions that tell servers where to find your site content, email mailbox, and more. To edit your DNS, you (or the domain owner) need to log in to the provider handling the DNS zone for your domain.

If you’re not sure where it is, you can try:

  • Your web hosting control panel: If you purchased your domain and hosting as a package, your DNS is probably handled by your web hosting company. You’ll want to log into your hosting control panel and look for a menu called DNS or DNS Zone.
  • Your DNS registrar: If you purchased your domain by itself, the DNS is probably managed by the company you bought it from.
  • Your CDN provider: If you’re using a CDN like Cloudflare, your DNS records will be hosted within the CDN settings.

In this example, we’ll show you how to create a DMARC record in Cloudflare.

Open DNS in Cloudflare

The steps are very similar for other domain registrars or hosts, including:

When you open up your DNS, double-check that you don’t already have any DMARC records set up.

You can’t have more than 1 DMARC record in your DNS. But don’t worry: our example record will cover all of the subdomains under your domain, and all of the email addresses you send mail from.

Assuming you don’t, let’s move on and add a DMARC TXT record.

3. Copy and Paste Our DMARC Example

It’s easy to add a DMARC record using this example. There’s no need to use a DMARC generator.

On your registrar’s DNS record screen, click Add record to create a DMARC record. We’ll use Cloudflare in this example.

Add a DMARC record in Cloudflare

A DMARC record is a TXT record starting with _dmarc. So in the Type dropdown, select TXT.

Create new TXT record for DMARC

In the Name field, type _dmarc. with the period (dot) at the end. Some hosts don’t need the period, so they’ll remove it or show an error. In that case, you can safely use _dmarc without the period.

In the large field in the DNS record, paste in this DMARC record example.

v=DMARC1; p=none; fo=1; rua=mailto:[email protected]

Here’s what this rule does:

  • We’re using p=none because it’s the least restrictive setting. You’ll still get email reports if there’s an issue with your DNS, but it’s unlikely to affect your own emails from being delivered. If you start to get suspicious DMARC reports, you could change this part of the rule to p=quarantine.
  • Be sure to change the rua=mailto: address. It should ideally be set to the email address that your mailer service provides in its documentation. If it doesn’t provide one, you can use an email address at your own domain.
  • In basic terms, the TTL (Time to Live) setting is like an expiration date for your DNS. We recommend leaving the TTL setting on Auto, which is typically 4 hours. The setting isn’t crucial, so you can safely select 24 hours or 14400 if that’s the only option you have.

Some providers may ask for an alignment rule. It’s OK to exclude that since it’s not required for DMARC to work.

So after pasting in the rule, here’s our finished DMARC record:

New DMARC record in Cloudflare

Save your new DMARC rule to add the new record to your DNS.

If you already had a DMARC rule in your DNS, check the formatting carefully. Pay attention to the Name field; if you use @ or your domain name in the Name field, it won’t work.

Wait For Your DMARC Record to Propagate

Whenever you make changes to your site’s DNS, you’ll need to wait up to 48 hours for the changes to take effect. If you’re using Cloudflare, you’ll usually find that the changes take place within a few minutes.

When the change has propagated, go back to a web-based DMARC checker like MXToolbox. Check again using its DMARC tool.

Your DMARC rule should show up in a green bar so that you know it’s working.

DMARC rule success in MXToolbox

You can also use WP Mail SMTP to send another test email from WordPress. This will automatically run a fresh check on your DNS and look for your DMARC record.

If you added everything correctly, you’ll now see a pass message like this:

Created DMARC record in WP Mail SMTP

And that’s it! Now you added a DMARC record to your DNS.

Fix Your WordPress Emails Now

Frequently Asked Questions About DMARC

Now you know how to create a DMARC record, let’s look at some other important questions.

Let’s start looking at the answers to these DMARC questions.

What Does DMARC Stand For?

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance.

How Does DMARC Work?

The DMARC protocol checks the SPF and DKIM records for your domain. If the email server can’t find any SPF or DKIM records, it looks at DMARC to figure out what to do with the outbound mail.

Based on the content of the DMARC record, the server might:

  • Quarantine your emails
  • Send them to the junk or spam folder
  • Reject them altogether.

That’s why it’s best to set up DKIM, SPF, and DMARC together. That way, the email server can easily separate emails from a legitimate sender from any spam messages that are sent using your domain.

DMARC has other functions too. For example, it generates technical reports about the actions it’s taken. You might receive these reports if you use your email address in the DMARC rule.

In most cases, you don’t need to worry about DMARC reports unless you have other issues with spam or email deliverability.

Who Can Use DMARC Records?

Anyone who owns a domain name can use DMARC to verify that the emails they send are genuine. There is no charge to use it.

Some third-party providers will say that it isn’t worth using DMARC on a small site. But we always recommend that you set up DMARC anyway because it helps to stop WordPress emails from going to spam.

Do I Need to Create a DMARC Record?

Yes, we recommend that you add a DMARC record if you’re using your domain to send email through a separate email service or provider. For example, if you want to use Sendinblue, you’d need to create a DMARC record on your domain for that.

As a general guide, you don’t need a DMARC record if you’re sending emails from a domain you don’t control, like a Gmail email address.

Can You Create a DMARC Record Without DKIM?

Yes, you can. But we recommend that you set up DMARC, SKIM, and SPF records if your email provider requires them. Not all do, so you’ll want to check the setup steps in their documentation.

Why Did My DMARC Record Check Fail?

If you’ve added your DMARC record and it still isn’t showing up, it may not have propagated. You might see the message ‘no DMARC record found’.

It’s best to wait for 24 hours for a DNS change to propagate before contacting support.

Do I Need to Use a DMARC Record Generator?

No. In most cases, our DNS example will work on your domain. Just be sure to change the email address in our rule before saving it.

If your provider gives different instructions, it’s best to use their DMARC record instead of our example.

Should I Add a PTR Record?

You definitely need a PTR record, but it’s unlikely that you’ll need to create this yourself. For more information, check out our article: What Is a DNS PTR Record (and Do I Need One?). It explains what a PTR does and how you can add one to your DNS.

Fix Your WordPress Emails Now

Next Step: Fix WordPress Emails Going to Spam

Are emails from your WordPress site going to spam? If you have an online store, email delivery issues can be a huge problem for customers who are waiting for order confirmation or despatch emails.

To solve this problem, check out our tutorial on why your WordPress emails are going to spam (and how to fix it).

Ready to fix your emails? Get started today with the best WordPress SMTP plugin. WP Mail SMTP Elite includes full White Glove Setup and offers a 14-day money-back guarantee.

If this article helped you out, please follow us on Facebook and Twitter for more WordPress tips and tutorials.

Comments

  1. This does not work. I set up the DMARC record exactly as you showed here and the system doesn’t seem to pick it up. What can I do? I was not able to contact your support.

  2. Why do you have the policy set to ‘none’ ? According to MXToolbox a policy set to ‘none’ means the DMARC record for this domain is not currently protected against phishing and spoofing threats.
    If that is accurate, doesn’t that defeat the purpose of adding a DMARC record in the first place?
    Thank you in advance for your response.
    -SL

    1. Hey Scott,

      Great question! We recommend that the policy be set to ‘none’, or `p=none` because it is the least restrictive DMARC policy that ensures emails are delivered. With this policy, you will get sending reports if something is misconfigured or if someone else is sending emails with your domain (spoofing).

      With the other policy options, `p=quarantine` or `p=reject`, your own emails may be sent to spam or rejected if there is any misconfiguration.

      Using `p=none` allows you to check that the settings are correct. And if you start to get suspicious DMARC reports, you could change this part of the rule to p=quarantine.

      Hope this helps clarify!

  3. This guide worked for my active domains, but would my dormant UNparked domain be safer with a DMARC record?

    The nameservers are set to the Registrar’s basic DNS, but the domain had no site, so no server response.

    I’m guessing I have to host the domain on a server BEFORE I can actually add a DMARC record?

    I’d prefer to leave the domain “moth-balled” but do wnat to preserve its interity, so what do you advise?

    1. Hi Cmjc

      We’d recommend setting up a DMARC record for all domains, even if you aren’t using them at the moment. If you’ve get basic DNS set up, you can add the DMARC example in the article.

      The purpose of the DMARC record is primarily to send reports to you (or the email provider) if the domain is misused for spamming. You’d still want to know about that, even if your domain is technically dormant.

      If you have any trouble with using DMARC on your site once it’s set up, please drop our support team an email so they can assist.

      If you have a WP Mail SMTP license, you have access to our email support, so please submit a support ticket.

      Otherwise, we provide limited complimentary support in the WP Mail SMTP WordPress.org support forum.

      Thanks πŸ™‚

  4. How does this effect someone who is using WPMailSmpt to receive emails from WP contact forms but using Microsoft Exchange for their [email protected] ? We are using sendinblue as our mailer for wp contact forms, and exchange for actual emails.

    1. Hi Noral

      If you’re using Sendinblue to send email from your contact forms, we recommend that you verify the domain you’re sending email from in your Sendinblue account. For more help with this, you can read our Sendinblue documentation.

      You don’t need to set anything up on the Outlook side since that’s the recipient rather than the sender.

      If you have any trouble with your Sendinblue settings in WP Mail SMTP, please drop our support team an email so they can assist. If you have a WP Mail SMTP license, you have access to our email support, so please submit a support ticket.

      Otherwise, we provide limited complimentary support in the WP Mail SMTP WordPress.org support forum.

      Thanks πŸ™‚

    1. Hello Bob

      Yes, if you’re using a From Address with your own domain name ([email protected]), you need to add a DMARC record in your DNS zone for that domain. Google’s documentation is quite technical, but the example we provided here should work fine.

      You don’t need to add a DMARC record if the From Address is on a domain that Google controls ([email protected])

      I hope this helps πŸ™‚

  5. Worked like a charm! within just 2 minutes after adding the record it worked and propagated very fast with SiteGround Hosting where I can manage the DNS of my domain(s). But it was work without it earlier (why it’s required now?)

    Thank you so much for the great help.

    1. Hi Waleed,

      That’s great to hear, and thank you for letting us know!

      As for why it may be needed now on your site, it’s hard to say the exact cause. Any number of variables could impact email deliverability. This is often to protect users from spam emails from arriving in their inboxes.

      With the many causes of emails not sending properly, WP Mail SMTP can help improve email deliverability.

      In case you do ever run into any issues regarding WP Mail SMTP, please feel welcome to reach out to us.

      If you have a WP Mail SMTP license, you have access to our email support, so please submit a support ticket.

      Otherwise, we provide limited complimentary support in the WP Mail SMTP Lite WordPress.org support forum.

      Thanks πŸ™‚

    1. Hi Lucas,

      Setting up DMARC should not affect your emails. DMARC can be used to receive emails to notify you of unwanted email activity from your domain, while not affecting the other SMTP records.

      However, in case you already have SMTP set up, using more than one SMTP setup on your domain can cause a conflict. If you are only seeking to add DMARC to your current SMTP setup, you could skip ahead to the Copy and Paste Our DMARC Example section to specifically add DMARC.

      I hope this helps!

      Thank you πŸ™‚

  6. We have multiple employees along with order email notifications sent to customers from our website. Do we have to create records for each individual email address?

    1. Hi Bill,

      Great question! You will not need to create multiple DMARC records for each individual email address. If you want to, you can set the email address receiving the DMARC report to forward the emails to the appropriate email addresses.

      However, if you’d like to, you can add multiple email addresses to your DMARC record, as there is no limit to reporting addresses. The DMARC record would need to have each email address separated by commas with no spaces.

      I hope this helps!

      Thank you πŸ™‚

  7. Hello, first of all thanks for your help and your plugin, before I could not send any email to my clients but now I can. The problem is that the email is marked as spam, is there a solution or do I need to tell my clients that they should check their spam mailbox? I have tried all the tips you have given but nothing seems to work. Is “Enabling less secure applications” only if I am going to send emails with those servers right or do I need to do that anyway despite working with an email from my own domain?

    1. Hi Andy,

      I’m glad to hear that WP Mail SMTP has helped your site to start sending emails. In this case, since your emails are still ending up in the spam inbox, it sounds like WP Mail SMTP may not yet be fully configured.

      It may be helpful to look at our complete guide to mailers, find the mailer you are setting up, and following the mailer’s guide.

      If you have already followed the guide to set up the mailer you have selected, you can check the error details in your website’s dashboard under WP Mail SMTP > Tools, and sending a test email to yourself. From there, you should be able to see if there are any issues with your current configuration.

      If you need some extra guidance with this and you have a WP Mail SMTP license, you have access to our email support, so please submit a support ticket.

      Otherwise, we provide limited complimentary support in the WP Mail SMTP Lite WordPress.org support forum.

      I hope this helps!

      Thank you πŸ™‚

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.