Home/Guides/DMARC Quick Start Guide
Getting Started

DMARC Quick Start Guide

Get DMARC protection running in 15 minutes. Step-by-step setup from zero to monitoring in under an hour.

15-20 min read
Beginner Friendly
Actionable Steps
What You'll Accomplish

In 15 minutes, you'll have a working DMARC record deployed, start receiving reports, and gain visibility into who's sending email from your domain.

Before You Start: Quick Prerequisites Check

DMARC builds on SPF and DKIM. You need at least one (ideally both) configured first.

Check SPF Record

SPF authorizes mail servers to send on your behalf. Check if you have one:

nslookup -type=txt yourdomain.com

Look for: v=spf1 ...

Check DKIM Record

DKIM adds cryptographic signatures. Check your email provider's documentation for DKIM setup.

nslookup -type=txt selector._domainkey.yourdomain.com

Replace selector with your DKIM selector

No SPF or DKIM Yet?

Set up at least SPF before continuing. Without SPF or DKIM, DMARC won't pass alignment checks. See our SPF Record Basics guide.

The 15-Minute DMARC Setup Process

1

Create Your First DMARC Record

Start with a monitoring-only policy to gather data without affecting email delivery.

Starter DMARC Record:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; pct=100; sp=none; adkim=r; aspf=r;
v=DMARC1
DMARC version (required)
p=none
Policy: Monitor only (don't reject/quarantine yet)
rua=mailto:...
Where to send aggregate reports (daily summaries)
pct=100
Apply policy to 100% of emails
sp=none
Subdomain policy (also monitor)
adkim=r, aspf=r
Relaxed alignment (easier to pass)

Pro Tip: Use our DMARC Record Generator to create a customized record in 30 seconds.

2

Add DMARC Record to Your DNS

Publish your DMARC record as a TXT record at a specific subdomain.

DNS Record Details:
Record Type:
TXT
Name/Host:
_dmarc
Value:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; pct=100;
TTL:
3600(1 hour)

Important: DNS changes can take 1-48 hours to propagate globally. Start with a low TTL (3600) for faster testing.

3

Verify Your DMARC Record

Test that your DMARC record is published correctly and readable by mail servers.

Method 1: Command Line (Fast)
nslookup -type=txt _dmarc.yourdomain.com

You should see your DMARC record in the response

Method 2: Online Checker (Beginner-Friendly)

Use our free DMARC checker for detailed validation:

What to Look For:
  • ✓ Record starts with v=DMARC1
  • ✓ Policy (p=) is present
  • ✓ Email address (rua=) is valid
  • ✓ No syntax errors
Common Issues:
  • ✗ Record not found (DNS not updated)
  • ✗ Syntax errors (missing semicolons)
  • ✗ Multiple DMARC records (only 1 allowed)
  • ✗ Wrong subdomain (_dmarc required)
4

Wait for Reports & Analyze

Mail servers will start sending daily aggregate reports to your rua= email address within 24-48 hours.

Report Timeline:
  • Day 1: DMARC record published
  • Day 2-3: First aggregate reports arrive (XML format)
  • Week 1: Collect baseline data on legitimate senders
  • Week 2-4: Identify unauthorized senders, fix SPF/DKIM issues
Reports Are XML Files

DMARC aggregate reports come as XML attachments. They're hard to read manually. Use our converter:

Moving from Monitoring to Enforcement

After 2-4 weeks of monitoring with p=none, you'll have enough data to move to enforcement. Here's the recommended timeline:

Phase 1: Monitor

p=none

Collect data for 2-4 weeks. Identify all legitimate email sources.

Duration: 2-4 weeks

Phase 2: Quarantine

p=quarantine

Failed emails go to spam. Monitor for false positives.

Duration: 2-4 weeks

Phase 3: Reject

p=reject

Failed emails are blocked. Full DMARC protection active.

Duration: Ongoing
Don't Rush to p=reject

Moving too quickly can block legitimate email. Ensure 95%+ of your email passes DMARC alignment before enforcing p=quarantine or p=reject.

Enforcement Checklist:

All legitimate email sources identified in reports
95%+ DMARC pass rate for 2+ weeks
SPF and DKIM properly configured for all senders
Third-party senders (marketing, CRM) passing alignment
No critical business emails failing DMARC

Quick Wins: What You Get Immediately

Email Visibility

See exactly who's sending email from your domain—legitimate senders AND unauthorized ones.

Spoofing Detection

Identify phishing attempts and spoofing attacks targeting your domain in real-time through reports.

Compliance Start

Meet Google/Yahoo 2025 requirements (p=none minimum) and start PCI DSS 4.0 compliance journey.

Deliverability Data

Understand which IPs are sending your email and how recipients (Gmail, Outlook) are treating it.

Common Mistakes to Avoid

Starting with p=reject

Problem: Blocks legitimate email immediately if SPF/DKIM aren't perfect.

Solution: Always start with p=none to monitor for 2-4 weeks first.

Invalid rua= email address

Problem: Reports bounce or go to non-existent mailbox. You lose all visibility.

Solution: Use a real, monitored email address. Test it receives reports.

Forgetting about subdomains

Problem: marketing.yourdomain.com isn't protected by your main DMARC record.

Solution: Use sp=none (or sp=quarantine) to apply policy to subdomains.

Not analyzing reports

Problem: DMARC reports arrive but you never look at them. Defeats the purpose.

Solution: Set up weekly report reviews or use a DMARC management platform.

What's Next After Setup?

1

Monitor Reports Weekly

Review aggregate reports every week to identify new email sources and track pass rates.

2

Fix SPF/DKIM Issues

Address any alignment failures before moving to enforcement policies.

3

Plan Enforcement Timeline

After 2-4 weeks at p=none with 95%+ pass rate, schedule your move to p=quarantine.

4

Consider Enterprise Platform

For multiple domains or ongoing management, a DMARC platform provides automated reporting and insights.

Related Guides

What is DMARC?

Understand DMARC basics before diving into setup

Read guide

SPF Record Basics

Set up SPF before implementing DMARC

Read guide

Email Authentication Overview

How SPF, DKIM, and DMARC work together

Read guide

Ready to Deploy DMARC?

Use our free DMARC Record Generator to create your record in 30 seconds, or try our enterprise platform for automated management across all your domains.

Free DMARC Tools

DMARC Record Generator

Create a custom DMARC record in 30 seconds

DMARC Record Checker

Verify your DMARC record is valid

DMARC XML Converter

Convert XML reports to readable format

SPF Record Checker

Validate SPF records and check DNS lookups

DKIM Record Checker

Verify DKIM signatures are configured

Policy Impact Simulator

Preview enforcement policy impact