Skip to main content

DMARC: Quick Guide on How to Setup DMARC

This article explains how to set up your DMARC record.

Updated this week

Hey lemlister! 👋

DMARC (Domain-based Message Authentication, Reporting & Conformance) helps you protect your domain from spoofing and phishing - and boosts your email deliverability.

In this guide, you’ll learn:

  • What DMARC is and why it matters

  • How to publish a DMARC record (step-by-step)

  • How to interpret DMARC reports

  • How to use DMARC to strengthen your sender reputation

What Is DMARC and Why It Matters

DMARC is an email authentication protocol that builds on SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).

It tells mailbox providers (like Gmail, Outlook, or Yahoo) what to do when an email fails authentication checks - helping prevent phishing, spoofing, and domain impersonation.

In short:

  • For recipients, DMARC keeps inboxes safe.

  • For senders, DMARC builds trust and credibility with mailbox providers.

  • For your brand, it protects your reputation and improves deliverability.

All major email providers (Gmail, Outlook, Yahoo, Apple Mail, AOL, and more) support DMARC.

How to Publish a DMARC Record (Step-by-Step)

Before you start, make sure you already have SPF and DKIM set up for your domain and wait at least 48 hours for them to propagate.

Then follow these steps:

  1. Go to your DNS hosting provider.
    This could be GoDaddy, Cloudflare, Namecheap, IONOS, or another host.

  2. Create a new DNS record.

    • Type: TXT

    • Name / Host: _dmarc

    • TTL: 3600 (1 hour) - unless your host requires otherwise.

  3. Add your DMARC record value.
    Here’s a simple example you can copy and adapt:

    v=DMARC1; p=none; rua=mailto:[email protected]

  4. Save the record and wait for DNS propagation (usually a few hours).

  5. Validate your setup using a DMARC record checker (such as MXToolbox, dmarcian, or EasyDMARC).

Example DMARC Records

Example

Description

v=DMARC1; p=none; rua=mailto:[email protected]

Start in monitoring mode (no enforcement).

v=DMARC1; p=quarantine; rua=mailto:[email protected]; pct=50

Quarantine half of unauthenticated emails.

v=DMARC1; p=reject; rua=mailto:[email protected]; pct=100

Fully enforce - block unauthenticated emails.

Understanding DMARC Policy Options

Policy

What It Does

When to Use

p=none

Collects reports but doesn’t block emails.

For monitoring and testing.

p=quarantine

Sends unauthenticated emails to spam/junk.

When you’re ready to start enforcing.

p=reject

Blocks all unauthenticated emails completely.

For full protection once SPF & DKIM are stable.

💡 Tip: Start with p=none for a few weeks to monitor reports before moving to quarantine or reject.

DMARC Tags Explained

Tag

Description

v=

Version (DMARC1).

p=

Policy (none, quarantine, or reject).

rua=

Aggregate report recipient (where daily XML reports are sent).

ruf=

Forensic report recipient (for detailed individual failures).

pct=

Percentage of emails to which the policy applies. Default: 100.

aspf= / adkim=

Alignment mode for SPF/DKIM (strict or relaxed).

sp=

Policy for subdomains.

fo= / rf= / ri=

Reporting options, format, and frequency.

What DMARC Reports Contain

DMARC reports (usually XML files) provide insight into:

  • IP addresses sending emails on your behalf

  • The number of emails sent per IP per day

  • SPF & DKIM authentication results

  • DMARC pass/fail status

  • Details of quarantined or rejected messages

You can use free tools like dmarcian, Postmark DMARC, or EasyDMARC to convert XML reports into human-readable dashboards.

Aggregate (rua) vs Forensic (ruf) Reports

Type

Details

Format

Frequency

Aggregate (rua)

Summarized daily reports of all email traffic.

XML

Daily

Forensic (ruf)

Real-time reports on individual message failures.

Plain text

Real-time (limited providers)

🧩 Note: Forensic reports may include personally identifiable information (PII). Most mailbox providers send only aggregate reports for privacy reasons.

Why Strong DMARC Policies Improve Deliverability

It may seem counterintuitive, but stricter DMARC policies help deliverability when configured correctly.

Mailbox providers see strong authentication (SPF, DKIM, DMARC) as a trust signal — meaning:

  • You’re less likely to land in spam.

  • You’re less likely to be blocklisted.

  • You’re more likely to reach the inbox.

In other words: stronger authentication = stronger reputation.

Final Tips for Implementing DMARC

  • Start with p=none to monitor results.

  • Review DMARC reports regularly.

  • Gradually enforce quarantine, then reject.

  • Keep SPF and DKIM aligned across all sending services.

  • Create a dedicated mailbox (e.g., [email protected]) for reports.

Implementing a strong email authentication policy with DMARC is essential for improving your deliverability. Not only does it demonstrate to mailbox providers that you are a legitimate sender, but it also helps to protect your subscribers from malicious emails that impersonate your domain. It's a win-win situation, so start implementing DMARC today

💬 Need Help?

If you need help understanding your DMARC setup, feel free to contact our support team.
However, please note that DNS record configuration must always be handled through your domain provider.

Related Articles
How to set up your DKIM, SPF and DMARC?
DNS Setup Guide for Beginners
How to Set DNS Records on Godaddy?
Did this answer your question?