How to add a DMARC record in cPanel Zone Editor

Category: cPanel

DMARC is a DNS record that tells receiving mail servers what to do with messages that claim to come from your domain but fail SPF or DKIM checks. Having it set up helps your legitimate email reach the inbox and makes it harder for someone to spoof your domain. In this guide you’ll add or update a DMARC TXT record from cPanel Zone Editor.

Before you start

  1. Your domain must use cPanel’s DNS for your account. If your DNS is hosted elsewhere (for example Cloudflare or your registrar), add the same value in that panel or contact support.
  2. You should already have SPF and DKIM set up, because DMARC builds on those two checks.
  3. You need a mailbox you control so you can receive the DMARC reports.
  4. Check whether your domain already has a DMARC record, so you don’t create a duplicate.

Steps

  1. Log in to cPanel.
  2. In the Domains section, open Zone Editor.
  3. Find your domain in the list and click Manage, or the option to add a record.
  4. Choose the TXT record type.
  5. In the Name field, enter _dmarc. Some panels ask for the full name _dmarc.yourdomain.com; cPanel usually appends the domain for you.
  6. Leave the TTL at its default value (for example 14400), or use a lower one if you want the change to apply sooner.
  7. In the record content field (TXT Data), enter a safe starter value: v=DMARC1; p=none; rua=mailto:postmaster@yourdomain.com
  8. Replace postmaster@yourdomain.com with an email address you control.
  9. Save the record with the Add Record button.

How to verify the record

  1. Wait for propagation, which can take from a few minutes up to 24-48 hours.
  2. Go back to Zone Editor and confirm the _dmarc TXT record shows the value you entered.
  3. Use an online DMARC lookup tool, or run nslookup -type=TXT _dmarc.yourdomain.com from your own computer, to confirm the value is published.
  4. Make sure the lookup returns only one DMARC record.

Common errors

  1. Having more than one DMARC record: only one _dmarc TXT record should exist. With two, mail servers may ignore them.
  2. Using a rua= address that doesn’t exist or that you don’t manage.
  3. Forgetting v=DMARC1; at the start of the value: it’s required and must come first.
  4. Starting with p=reject or p=quarantine without monitoring first: always begin with p=none.
  5. Editing DNS at the wrong provider when your domain uses external DNS.
  6. Leaving extra spaces or quotes when pasting the record value.

Still need help?

If this guide didn’t solve your issue, our team can help you via ticket.

Open ticket Go to my account