DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM. It tells receiving mail servers what to do when an email fails authentication — and optionally sends you reports about it.
Before setting up DMARC
Make sure you have already configured SPF and DKIM for your domain. DMARC will not work properly without both.
Step 1 — Add the DMARC TXT record in cPanel
- Log in to cPanel.
- Go to Domains → Zone Editor.
- Click Manage next to your domain.
- Click Add Record and select TXT.
- Set the Name to: _dmarc.yourdomain.com
- Set the TTL to 14400.
- In the Record field, enter the DMARC policy (see below).
- Click Save Record.
Recommended DMARC policies
Start with monitoring only (recommended for new setups):
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
This policy takes no action but sends daily reports to your email address so you can see who is sending on behalf of your domain.
Quarantine (move failing emails to spam):
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com
Reject (block failing emails entirely — use only when confident):
v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com
Replace dmarc@yourdomain.com with the email address where you want to receive DMARC reports.
Verify your DMARC record
Use https://mxtoolbox.com/dmarc.aspx to confirm the record is live and correct.
