DNS provider
Add a DMARC record in Cloudflare DNS
DMARC lives at _dmarc.yourdomain as a TXT record. Cloudflare DNS is your control plane — one typo in the name field and receivers never see the record.
Provider gotcha: Proxy (orange cloud) must be grey (DNS only) for MX records, mail A records, and anything that must resolve exactly for mail. TXT for DMARC/SPF/DKIM should also use DNS-only — orange cloud can interfere with how some tools read mail DNS.
See also DMARC record reference and DMARC setup guide.
Step by step
Step 1 Open the Cloudflare Dashboard → DNS → Records → Add record.
Step 2 Choose TXT. In the name/host field enter
_dmarc only (Use the subdomain only in the Name field — e.g. _dmarc or @ for apex, not the full hostname.).Step 3 Paste this value in one piece (follow your provider’s quoting rules):
v=DMARC1; p=none; rua=mailto:dmarc@example.com; fo=1
Step 4 TTL: 1 hour is fine for rollout. Save. Remember: Proxy (orange cloud) must be grey (DNS only) for MX records, mail A records, and anything that must resolve exactly for mail. TXT for DMARC/SPF/DKIM should also use DNS-only — orange cloud can interfere with how some tools read mail DNS.
Step 5 Query
_dmarc.yourdomain with dig or use DNS Propagation across resolvers.Step 6 Run DNS Preflight on the domain — DMARC policy and reporting should appear once TXT resolves.
DNS Preflight — full auth check for your domain.
Propagation — compare resolvers.
FAQ
Where do I add DMARC in Cloudflare DNS?
In the DNS zone for your domain — TXT name _dmarc, value starting with v=DMARC1.
Why is my DMARC not visible yet?
TTL on the old record, or wrong name (full FQDN vs relative). Check authoritative NS.
Does Cloudflare DNS proxy DMARC TXT?
Treat mail-related DNS as DNS-only where applicable — follow the provider gotcha on this page.
What p= should I start with?
p=none for monitoring — tighten after reports look clean.
How do I verify?
DNS Preflight and the DMARC Report Analyzer after rua= receives XML.