DMARC Record Setup Guide

A DMARC record sets your email authentication policy and tells receivers where to send failure reports. Here's how to add one, what each tag means, and the right rollout order to avoid blocking legitimate email.

DMARC record format

Start here (monitoring only):

_dmarc.yourdomain.com TXT "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"

After reviewing reports (partial enforcement):

"v=DMARC1; p=quarantine; pct=10; rua=mailto:dmarc@yourdomain.com"

Full enforcement:

"v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com"

What each tag does

Step by step

Step 1: Add a _dmarc TXT record with p=none and rua= pointing to an email address you check.
Step 2: Wait 2-4 weeks and read the aggregate reports.
Step 3: Fix any alignment failures shown in the reports.
Step 4: Change to p=quarantine.
Step 5: Monitor for 1 week, then change to p=reject.
Step 6: Run DNS Preflight to confirm the new policy is live.

FAQ

What is a DMARC record?

A TXT record at _dmarc.yourdomain.com that sets your email authentication policy and enables aggregate reporting.

What is the minimum DMARC record?

v=DMARC1; p=none — this is valid but provides no protection. Add rua= to get reports.

Will adding DMARC immediately block email?

Only if you set p=reject from the start. Start with p=none — it monitors without affecting delivery.

How do I read DMARC reports?

Use DomainPreflight DMARC Report Analyzer — paste the XML for a visual summary of passing and failing senders.

What is the pct= tag?

Percentage of email to apply the policy to. pct=10 with p=quarantine affects 10% of failing emails — useful for gradual rollout.