DNS provider

Add a DMARC record in Amazon Route 53

DMARC lives at _dmarc.yourdomain as a TXT record. Amazon Route 53 is your control plane — one typo in the name field and receivers never see the record.

Provider gotcha: TXT values must be wrapped in quotes in the value field. Multiple strings in one TXT are entered as separate quoted strings on one line.

See also DMARC record reference and DMARC setup guide.

Step by step

Step 1 AWS Console → Route 53 → Hosted zones → select your domain → Create record.
Step 2 Choose TXT. In the name/host field enter _dmarc only. (For apex SPF, leave the record name blank rather than entering @; for DMARC, use _dmarc in the name field.)
Step 3 Paste this value in one piece (follow your provider’s quoting rules):
"v=DMARC1; p=none; rua=mailto:dmarc@example.com; fo=1"
Step 4 TTL: 1 hour is fine for rollout. Save. Remember: TXT values must be wrapped in quotes in the value field. Multiple strings in one TXT are entered as separate quoted strings on one line.
Step 5 Query _dmarc.yourdomain with dig or use DNS Propagation across resolvers.
Step 6 Run DNS Preflight on the domain — DMARC policy and reporting should appear once TXT resolves.
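
An offline pre-check for Steps 2 to 4, added here as an example (not code from this page or from AWS): it validates the name and value as typed into the Route 53 fields before you save. The function names are hypothetical, and it assumes Route 53 appends the hosted zone to a relative record name and that receivers join multiple quoted strings with no separator.

```python
import re

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

def join_txt_strings(value_field):
    """Join the quoted strings of a TXT value field into the text receivers read."""
    parts = QUOTED.findall(value_field)
    if not parts or QUOTED.sub("", value_field).strip():
        raise ValueError("value must be one or more quoted strings")
    if any(len(p) > 255 for p in parts):
        raise ValueError("a single quoted string exceeds 255 characters")
    return "".join(parts)  # assumption: joined with no separator between strings

def parse_tags(record):
    """Split 'tag=value; tag=value' into an ordered dict of lower-cased tag names."""
    tags = {}
    for item in filter(str.strip, record.split(";")):
        name, sep, val = item.partition("=")
        if not sep:
            raise ValueError(f"malformed tag {item.strip()!r}")
        tags[name.strip().lower()] = val.strip()
    return tags

def check_record(name, value_field, zone):
    """Return a list of problems for a record as typed into the name and value fields."""
    problems = []
    rel = name.rstrip(".").lower()
    if rel.endswith(zone.lower()):
        # Assumption: the zone is appended to whatever is typed in the name field.
        problems.append(f"name is a full FQDN; it would publish as {rel}.{zone}")
    elif rel != "_dmarc":
        problems.append(f"name should be '_dmarc', got {name!r}")
    try:
        tags = parse_tags(join_txt_strings(value_field))
    except ValueError as exc:
        return problems + [str(exc)]
    if next(iter(tags), None) != "v" or tags.get("v") != "DMARC1":
        problems.append("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in {"none", "quarantine", "reject"}:
        problems.append("p= must be none, quarantine or reject")
    for uri in filter(None, (u.strip() for u in tags.get("rua", "").split(","))):
        if not uri.lower().startswith("mailto:"):
            problems.append(f"rua target is not a mailto: URI: {uri}")
    return problems

if __name__ == "__main__":
    # Constructed inputs: the page's sample value, then two common entry mistakes.
    good = '"v=DMARC1; p=none; rua=mailto:dmarc@example.com; fo=1"'
    print(check_record("_dmarc", good, "example.com"))
    print(check_record("_dmarc.example.com", good, "example.com"))
    print(check_record("_dmarc", good.strip('"'), "example.com"))
```

An empty list means the entry is well-formed; it does not replace the live lookup in Step 5.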

FAQ

Where do I add DMARC in Amazon Route 53?

In the DNS zone for your domain — TXT name _dmarc, value starting with v=DMARC1.

Why is my DMARC not visible yet?

Usually the TTL on the old record has not expired yet, or the name is wrong (full FQDN entered where a relative name was expected). Check the authoritative name servers.

Does Amazon Route 53 proxy DMARC TXT?

Treat mail-related DNS as DNS-only where applicable — follow the provider gotcha on this page.

What p= should I start with?

p=none for monitoring — tighten after reports look clean.

How do I verify?

DNS Preflight and the DMARC Report Analyzer after rua= receives XML.