To configure DMARC, you need to create a DMARC record. The created DMARC record is a TXT record that is then published on your DNS. This kicks start your email authentication process. By setting up a DMARC record you empower domain owners to instruct receivers how they should respond to emails sent from unauthorized or illegitimate sources.

Key Takeaways

Creating a DMARC record involves publishing a TXT record on your DNS to authenticate your emails.
Choosing the right DMARC policy is essential for controlling the handling of unauthorized emails.
Configuring optional fields such as aggregate and forensic reports can provide valuable insights into your email authentication status.
Verifying your DMARC record helps ensure it is set up correctly and maintains your domain’s security.
Implementing DMARC is crucial not only for protection against fraud but also for maintaining email deliverability and compliance with industry regulations.

How to create a DMARC record

To create a DMARC DNS record for your domain, make sure you have – a) a reliable tool to generate the record and b) access to your DNS management console to publish the record. Follow the steps given below:

Simplify DMARC with PowerDMARC!

Start 15-day trial Book a demo

1. Use a DMARC Record Generation Tool

Sign up to access our portal using an email address or sign up using Gmail/Office 365. Go to Analysis Tools > PowerToolbox > DMARC Record Generator to start creating your DMARC record.

3. Define a DMARC policy for your DMARC record

Decide on a DMARC policy depending on your desired enforcement level (none, quarantine, or reject). Here’s how you choose your DMARC record policy:

If you want no action to be taken against unsolicited emails sent from your domain – choose “none”
If you want to quarantine emails that fail DMARC, choose “quarantine”
If you want to reject or discard emails that fail authentication, which can minimize spoofing and phishing attacks, choose “reject”

3. Configure recommended DMARC record optional fields

While not all fields are mandatory, we recommend you configure a few useful optional fields in your DMARC record. Let’s find out what they are:

Aggregate (rua) reporting field: If you configure the rua field, you will receive DMARC authentication data directly on your email address.
Florence (ruf) reporting field: Gain insights into forensic incidents like cyber attacks by configuring the ruf field in your DMARC record.
DKIM/SPF alignment modes” Choose whether you wish to opt for a relaxed or a strict alignment for SPF and/or DKIM.

Setup DMARC Fast with PowerDMARC!

Start 15-day trial Book a demo

How to Publish DMARC Record?

To publish DMARC record there are a few prerequisites:

You need to have access to your DNS management console
You need to have permission to edit and add new DNS records for your domain

Step 1: Access your DNS Management Console

Given below is an example of a cPanel DNS management console, however, steps will vary depending on your DNS hosting provider (e.g. Cloudflare, Godaddy, Bluehost, Amazon SES, etc.)

Step 2: Click on DNS Zone Editor

Under the Domains section, click on DNS Zone editor or Advanced Zone Editor

Step 3: Add a TXT type record

Add DMARC record of type TXT (tex), filling in details as shown below. In the “TXT data” or “value” field you need to paste your previously created DMARC record.

Note: Steps may vary depending on your DNS hosting provider.

How to Verify Your DMARC Record?

To verify your DMARC record & avoid the common “No DMARC record found” error, you can use our free verification tool.

1. Sign up for free and navigate to Analysis Tools > PowerToolbox > DMARC Record Checker

2. Review your DMARC record status, syntax and tags to uncover any errors you may have

Types of DMARC Record Statuses

Status	What it means	What can you do
Valid	Your DMARC record is correct and free of errors	Do nothing
Invalid	Your DMARC record has errors. This can be due to an incomplete or erroneous syntax.	Review your syntax, refer to our complete guide on DMARC tags, or contact us for expert assistance.
No Record Found	No DMARC record was present in your DNS.	Create a DMARC record for your domain and publish it on your DNS.

Once you detect errors in your record, you must implement the necessary changes to your DNS and save changes. You may recheck your record once the changes are processed.

DMARC Record Examples

Example 1: A typical error-free DMARC record with only mandatory fields:

v=DMARC1; p=none;

The generated record is now to be published in your domain’s DNS on the subdomain: _dmarc.YOURDOMAIN.com

Example 2: A typical error-free DMARC record with a none policy looks something like this:

v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1;

Example 3: A typical error-free DMARC record with a quarantine policy looks something like this:

v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1;

Example 4: A typical error-free DMARC record with a reject policy looks something like this:

v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1;

DMARC Record is Published: What’s Next?

After you are done publishing your DMARC record your next step should be to focus on protecting your domain from scammers and impersonators. That is your main agenda when you are implementing security protocols and email authentication services.

Simply publishing a DMARC record with a p=none policy doesn’t offer any protection against domain spoofing attacks and email fraud. For that, you need to shift to DMARC enforcement.

DMARC Record Explained

The DMARC record contains information such as the domain’s policy for handling failed authentication (reject, quarantine, or none), a reporting email address to receive feedback on email authentication results, and optional additional instructions.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) helps prevent email spoofing and phishing by providing a way for email receivers to differentiate legitimate emails from fraudulent ones, reducing the risk of email-based scams and attacks.

Why Do You Need to Add DMARC Record?

Businesses need to add DMARC records in order to protect their domain names and emails against various forms of email-based attacks, impersonation, and fraud.

Here are some key reasons why you might want to add a DMARC record:

Email authentication: DMARC helps verify the authenticity of emails sent from your domain.
Protect against phishing: Phishing attacks often involve the impersonation of well-known brands or organizations. By setting up DMARC, you can prevent cybercriminals from using your domain name to send fraudulent emails to unsuspecting recipients.
Email deliverability: A DMARC record helps improve the deliverability of legitimate emails from your domain, as receivers can confidently identify legitimate emails and avoid marking them as spam.
Reporting and visibility: DMARC also includes reporting mechanisms that provide valuable insights into the email ecosystem and potential abuse of your domain.
Complying with Google and Yahoo’s requirements: Google and Yahoo now require bulk email senders to implement DMARC. Non-compliance will result in deliverability issues.
Complying with PCI-DSS v4 requirements: Version 4 of PCI-DSS will require credit card companies handling sensitive financial data to implement DMARC from March 2025.

Top 6 Reasons to Add DMARC Record for Enhanced Security

DMARC records play a pivotal role in an organization’s security posture. As discussed above, DMARC prevents a wide range of email-based attacks, which is more important now than ever before since:

The Federal Trade Commission reported emails as a prominent vector for cyber attacks
In 2021, more than 40 million US dollars was lost to phishing attacks
Google blocks 100 million phishing emails every day
FBI’s IC3 report outlined that Business Email Compromise made businesses lose 10.3 billion in 2022

DMARC Enforcement with PowerDMARC

To gain immunity from impersonation attacks while making sure that your email deliverability doesn’t get impacted at enforcement, what you need to do is:

Sign up with PowerDMARC and enable DMARC reporting tool for your domain
Get daily DMARC RUA reports on email authentication results available in an array of viewing options for ease of understanding
Get forensic report updates on the dashboard whenever emails fail authentication
Stay under the SPF hard limit to ensure your SPF record never gets invalidated

With DMARC aggregate and forensic reports, moving from monitoring to enforcement becomes a cakewalk for domain owners, as you can visually monitor your email flow and track and respond to deliverability issues instantaneously from the PowerDMARC platform. Sign up today for your free DMARC analyzer trial!

About
Latest Posts

Maitham Al Lawati

Cybersecurity Expert, CEO at PowerDMARC

Maitham is a tech entrepreneur, cybersecurity expert, CEO and Founder of PowerDMARC with 15+ years of industry experience. Maitham holds a Global MBA from the University of Manchester and various professional certifications including CISSP, CISM, CRISC, and ISC2 CCSP.

Latest posts by Maitham Al Lawati (see all)

How to Fix “No SPF record found” in 2025 - January 21, 2025
How to Read a DMARC Report - January 19, 2025
What is MTA-STS? Setup the Right MTA STS Policy - January 15, 2025

How to Publish a DMARC Record in 3 Steps