Alright, you’ve decided to get DMARC locked down. Here’s how to add it to your DNS in six no-BS steps:
1. Log Into Your DNS Hosting Provider and Create a New Record 🖥️
Head over to your DNS hosting provider and log in. Look for the option to create a new record or edit the TXT section. Every provider’s interface is a bit different, so just hunt down that “new record” option. Once you’re in, you’ll see three key fields:
↠ Host/Name: Where you’ll specify the _DMARC part.
↠ Record Type: Usually a dropdown; you’ll pick “TXT.”
↠ Value: Where all the DMARC magic happens.
2. Choose TXT for the DNS Record Type 📜
In the list of DNS record types (based on your provider), select “TXT“. Done! You can also use trusted tools or platforms to simplify the process and ensure your DMARC record is configured correctly for optimal deliverability and protection.
3. Add the Host Value 🔑
In the Host/Name field, you’ll likely input `_DMARC`, and most hosting providers will automatically append your domain or subdomain after it.
⚠️ Heads-up for Subdomains: If this DMARC is for a subdomain, type it like `_dmarc.subdomain.` Your provider will likely append your main domain. It’ll look something like this:
4. Add the “Value” Info
This part is crucial. You need two tag-value pairs for every DMARC record:
↠ v = DMARC1 (this identifies the version).
↠ p = (followed by none, quarantine, or reject):
When to use each policy:
- p = none: Good starting point for monitoring email traffic without filtering or blocking anything. Use this if you’re just starting to implement DMARC and want to collect data on your emails without impacting deliverability.
- p = quarantine: This policy will move suspicious emails to the spam folder. Use this if you have established a good email reputation but want to start filtering out potential threats.
- p = reject: The strictest policy, rejecting suspicious emails outright. Use this once you’re confident your email sending practices are solid, and you want to block any unauthorized messages from reaching inboxes.
Most of the tools suggest p = none to avoid accidentally bouncing legitimate emails. We also recommend adding a “rua” tag to get performance reports on your email setup.
Example DMARC Value:
v=DMARC1; p=none; rua=mailto:dmarcreports@xyz.com
Tips:
↠ Separate tags with semicolons.
↠ For multiple emails in “rua” and “ruf” tags, separate addresses with commas.
↠ Skip “Advanced Tags” for now – not necessary for initial setup.
5. Save That Record 💾
With everything entered, your record should look something like the example above. Go ahead and hit that Save/Create button to make it official.
6. Validate the Record 🎯
The final step is to ensure your DMARC record is set up correctly.
To do this;
1. You can use a DMARC record checker with tools like PowerDMARC or dmarcian. These tools will confirm your record’s syntax, values, and setup.
2. Search for “DMARC record checker” online, enter your domain, and get a report detailing whether your record is correctly configured.
And that’s it—six steps to mastering DMARC setup! Now, it’s time to enjoy the peace of mind that comes with secure email practices.
Keep Your Emails Out of Spam and Build Your Reputation ✅
And one last move if you want your emails to actually hit the inbox? Email warm up your email.
New domains don’t have a sender reputation, so they can look suspicious. Without a proper email warm up, you risk ending up in spam, even with a pristine setup.
Email warm up is your go-to for this. It’s an email warm up service that builds your sender reputation step by step. You’ll stay far from the spam folder and close to your customers’ inbox. 📈
You can learn more about how email warmup can help your emails reach inboxes in our Emails Going to Spam blog.
What happens next is pure inbox magic. Your emails go through a private network where they’re opened, marked as important, and even replied to. This isn’t just for show. It tells Google, “Hey, these emails matter!” When people are interacting, Google takes note – big time.
When you hit send on your next email campaign, your emails don’t hit the spam folder. They go directly to your customers’ inboxes – right where they should be. That means more sales, more impact, and way less spam doom. If you’re unsure about your current deliverability, it might be worth testing it with our Email Deliverability Test tool to ensure your emails are in top shape.
Thanks.
FAQs:
How is DMARC set up?
Log into your DNS hosting provider, create a new TXT record, and set the host to `_dmarc.yourdomain.com`. Then, in the value field, add the DMARC tags, like `v=DMARC1; p=none; rua=mailto:yourreportemail@yourdomain.com`. Save the record, and you’re done.
How to set up DMARC for Gmail?
If you’re using Google Workspace, go to your DNS provider, add a new TXT record, and use `_dmarc.yourdomain.com` as the host. In the value, include `v=DMARC1; p=none; rua=mailto:yourreportemail@yourdomain.com`. Save it, and Gmail will start processing your DMARC settings.
How do I activate my DMARC policy?
To activate, set the `p=` tag in your DMARC record to either `none`, `quarantine`, or `reject`. For example, `p=quarantine` will flag suspicious emails, while `p=reject` blocks them entirely. Update the DNS record with your choice, and it’s live.
What should I set my DMARC policy to?
Start with `p=none` to monitor and ensure things are working smoothly without affecting email flow. Once you’re confident, switch to `p=quarantine` or `p=reject` to increase protection against unauthorized emails.
