How To Add DMARC Records - DMARC Examples and Tests

This is how to add DMARC records to your DNS. See DMARC examples, DMARC Creation Tools, and how to check DMARC using online tools. Meet required new standards of domain authority. Works with CDN NameServers, like LiteSpeed’s QUIC.cloud NameServers. Also, this is a part of my Security of Website category.

What is DMARC?

DMARC stands for Domain-based Message Authentication Reporting and Conformance. It focuses on authenticating email messages. It works alongside SPF and DKIM records, as additional email authentication methods. This is also why those 2 items are also a requirement for setting up a DMARC entry. Cloudflare explains it very well in “What is a DNS DMARC record?“.

Prerequisites of DMARC: DKIM & SPF

DKIM and SPF should be setup before adding a DMARC record to a domain. Also, it’s a best practice if those requirements are done at least 48 hours earlier. You can check if these were setup with the below online checkers.

What is SPF?

SPF is the Sender Policy Framework. It’s a DNS text record that lists all the mail servers that represent authorities of sending mail for that domain.

What is DKIM?

DKIM stands for Domain Keys Identified Mail. It’s another layer of protection to help authenticate that an email really does represent your domain mail. So, when a spammer changes their sender email address, this layer will help show it’s not sourced nor authenticated coming from that domain’s mail.

How To Check DMARC, DKIM, & SPF

how to check dmarc in domain before you try to add dmarc records — How to check DMARC in domain before you try to add DMARC records.

Check DMARC:
- DMARC Lookup by Easy DMARC
- DMARC Inspector by DMarcian.com.
Check DKIM: DKIM Lookup by Easy DMARC. Requires domain name and “Selector” value.
- Look at DNS text record for DKIM. It’s usually the first part of the DKIM record’s name. Example: Looking through DNS zone records finds a record “VALUE” starting with “v=DKIM1…” and its record “NAME” (or “Host) of “default._domainkey…” means the DKIM “Selector” value is: default
Check SPF: SPF Lookup by Easy DMARC. Only requires domain name.

Steps To Add DMARC Records

Here are several methods to adding DMARC text records to your Domain Name Servers. It’s also referenced in my “WP Security Check” and “Complete Guide to Security of WordPress Sites“.

Check DMARC Record in cPanel (before you add a DMARC record)

First, verify DKIM and SPF has been setup.
Login to your cPanel (or other control switchboard for your domain) of your website host provider.
Search for DMARC. Then, tap on the first item that appears. It references mail.
Then, it will run a short process to evaluate your DMARC, DKIM, and some others.
Scroll down and look for the reference to DMARC.
Copy the DMARC item inside the “value” box.
Then, follow the example shown next for how to use that copied value and add a new text record for DMARC.

Example Adding a DMARC Record to DNS (LiteSpeed)

Logon to the provider that holds your DNS (Domain NameServer). While each account menu is different, go to Edit or Manage your Domain for its assigned NameServers. Then, follow steps similar to this example. This example starts with locating and editing LiteSpeed DNS Zone.

start to add a dmarc record by logging into provider account that has your domain dns — 1. Start to add a DMARC record by logging into provider account that has your domain’s DNS zone records.

EXAMPLE for finding LIteSpeed NameServers using QUIC.cloud account. After logging into QUIC.cloud, you’re in “My Domains” section by default.
- Then, look in the topmost right hand side and tap on “DNS Zones”.
- On the list of domains shown, tap <Manage Zone> in the same row of your chosen domain.

dmarc examples like litespeed selection to manage dns zone — 2. DMARC examples like LiteSpeed. Select the domain’s DNS to manage.

From this point forward, be very precise. Also, make a backup of all the DNS records just in case. A backup is done by tapping on the drop down box <Tools> | <Export DNS Records>. Save that file just as a backup in case it’s needed in the future.
Now, tap <+ Add New Record> and a blank row is revealed.

how to add dmarc records begins after you tap on add new record — 3. Tap to Add NEW Record. Then, you can populate the values.

Change the “Type” to be “TXT”. The other fields will automatically change to fit properly for a new text record.
In the “Name” field, type in: _dmarc
- However, if this is a subdomain (not an addon domain), you will follow “_dmarc” with a period (.) and the domain name. For example: _dmarc.mydomain.com
In the “TTL” field, leave it as “Auto”.
Then, in the “Content” field., paste in the value obtained from the cPanel DMARC value revealed earlier.

populate values and tap add record to add a dmarc record to dns — 4. Populate values and tap to Add Record.

Finally, tap <Add Record>. In other example DNS serves, it might be <Save Record> to add a DMARC record conclusion.
Now, you can test to see if you DMARC record took hold. For LiteSpeed related DNS, it will be immediately seen. However, with other slower DNS servers, it can take a few minutes up to over a day.

add dmarc records ends after scrolling through records to confirm success of add dmarc record to dns — 5. Scroll through DNS zone’s records to confirm success of adding the DMARC record.

Editing DMARC Records Tags

There are 3 DMARC records tags that are used. Some domains just popular the first 2. Regardless, here’s the meaning behind all 3 DMARC tags and how to use them.

v Tag: Version Tag

For a very long time, the DMARC v Tag remains as v=DMARC1

p Tag: Policy Tag

There are various entries you can have for the ‘p’ tag. Here they are listed and described.

p=none
- This entry has no impact and can be considered the default entry. In other words, all email passes through uninterrupted.
p-quarantine
- This entry asks receiving mail servers to not fully process the email. So, most mail servers may mark the incoming email as SPAM.
p=reject
- This entry asks receiving mail servers to reject the email. Most will then reject the incoming email some will still let it be processed but it will be marked as SPAM.

If your DMARC results check reflect it doesn’t have any spam filtering, it might be because one of the items in the “Content” field is showing as “p=none”. So, I changed mine to be “p=reject”. Read your own options available for the “p” value as shown and explained in the results area on the tester. This helps your SEO over time of your domain name’s reputation and authority.

rua Tag: Reports Tag

This optional tag is so you’ll receive periodic emails with an attached data file of records about domain emails that were attempted and the results of how they were handled. For this to happen, you put in an email address you have setup to send you those specialty mail reports.

More information on DMARC tags are discussed in this excellent article “DMARC Tags” by ValiMail.com.

Generate DMARC Record

Generate DMARC record for those who want online tools to create them automatically. These tools display values you can use inside your text record you’re adding. Also, some offer paid services to do it all for you. However, these are generally easy tasks many can perform themselves.

DMARC Creation Tools to Build DMARC Record

DMARC Record Wizard by DMARCian.com.
Detailed Free DMARC Record Generator by DMARCly.com.

Related to How To Add DMARC Records & More

Here is one of the best posts on how to add DMARC records I’ve seen. The author, Chad Kime, discusses it in a very organized manner and includes the innermost details of each record and their tags used in each. So, read his post “DMARC Setup & Configuration: Step-by-Step Guide“.

Conclusion

You’ve now seen a full set of options available on how to add DMARC records to your domain’s nameservers (DNS). Also, you’ve found it full of DMARC examples including details and links on how to add a DMARC record. So, coupled with all the internal and external links, you have the full set of tools to check, make, and build your own DMARC records.

How To Add DMARC Records: Free Ways & DMARC Examples