Registrar guide

Adding a DMARC Record in AWS Route 53 DNS

The DMARC policy record lives at the _dmarc label under your domain. In AWS Route 53, enter _dmarc in the Record name field (leaving that field blank targets the apex), not _dmarc.yourdomain.com, unless your UI asks for the full name.

Exact fields

Type: TXT
Record name (blank = apex): _dmarc
Content: "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"
TTL: Auto / Automatic

Rollout

Start with p=none. Read aggregate reports, fix SPF/DKIM alignment, then tighten.

Step by step

Step 1 Go to AWS Console → Route 53 → Hosted zones → your domain → Create record.
Step 2 Add a TXT record (Create record).
Step 3 Set Record name (blank = apex) to _dmarc.
Step 4 Paste v=DMARC1; p=none; rua=mailto:you@yourdomain.com (adjust mailbox).
Step 5 Save the record.
Step 6 Run DNS Preflight. After reports arrive, consider p=quarantine then p=reject.
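
The checks worth running before saving the record in Step 5, as an added example (not code from this guide or from AWS). It assumes the console appends the hosted zone name to whatever is typed in Record name; the function names and the ttl=300 default are hypothetical, and it goes one step beyond the console steps by also building the equivalent Route 53 change batch.

```python
import re

POLICIES = {"none", "quarantine", "reject"}

def record_fqdn(record_name, zone):
    """FQDN that results from typing record_name into the Record name field.
    Assumes the console appends the hosted zone name to the field."""
    zone = zone.rstrip(".").lower()
    label = record_name.strip().rstrip(".").lower()
    if label != "_dmarc":
        # Typing the full name would yield _dmarc.<zone>.<zone>, which no
        # receiver queries, so the policy would silently never apply.
        raise ValueError(f"Record name must be _dmarc, got {record_name!r}")
    return f"_dmarc.{zone}."

def parse_dmarc(txt):
    """Return the record's tags as a dict; raise ValueError on a defect."""
    value = txt.strip().strip('"')
    tags = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        key, sep, val = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag {part!r}")
        tags.append((key.strip().lower(), val.strip()))
    if not tags or tags[0] != ("v", "DMARC1"):
        raise ValueError("v=DMARC1 must be the first tag")
    rec = dict(tags)
    if rec.get("p", "").lower() not in POLICIES:
        raise ValueError("p must be none, quarantine or reject")
    for uri in rec.get("rua", "").split(","):
        if uri and not re.fullmatch(r"mailto:[^@\s]+@[^@\s]+", uri.strip()):
            raise ValueError(f"rua entry is not a mailto: URI: {uri!r}")
    return rec

def change_batch(zone, record_name, txt, ttl=300):
    """Route 53 ChangeBatch for the record; ttl=300 is an assumed value."""
    parse_dmarc(txt)
    quoted = '"' + txt.strip().strip('"') + '"'  # TXT values must be quoted
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
        "Name": record_fqdn(record_name, zone), "Type": "TXT", "TTL": ttl,
        "ResourceRecords": [{"Value": quoted}]}}]}
```

Serialized with json.dumps, the returned dict is the document that `aws route53 change-resource-record-sets --change-batch` expects.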

FAQ

What Record name do I use for DMARC?

_dmarc — the label for the DMARC policy host.

SPF is also TXT — do they collide?

No. SPF sits at the root; DMARC sits at _dmarc. Different names.

When do I move to p=reject?

After weeks of clean reports and no surprise mail sources — never on day one.

Where do reports go?

Addresses in rua= (aggregate) and optionally ruf= (forensic). Use the analyzer to read XML.

Can I edit the same row later in AWS Route 53?

Yes — edit the existing TXT and save. DMARC updates are normal.