Add a DMARC Record with Policy set to Reject into DNS

This guide will explain how to add a default DMARC record into DNS, DMARC records are used to help monitor for email spoofing on a domain, they can also be used by spam filters whether emails land in spam or discarded

The DMARC record added in this guide will have a Reject policy, if spoofing has been reported on a domain then it advisable to set its SPF and DKIM policy to strict. This will require having a correct SPF and DKIM record or it can impact email deliverability

When adding an email address into DMARC it is important to use an email address setup specifically for DMARC, Do Not Use A Personal Email for DKIM Reports as this email address will be published publicly into DNS

TL;DR DMARC records can be added as TXT records in cPanel via cPanel > Zone Editor > Manage > Add DMARC Record > Save Record


To complete this will require having a cPanel account and a domain that requires a DMARC record, here is an example of a DMARC record “v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;pct=100;fo=0;rf=afrf;ri=86400;rua=mailto:[email protected];ruf=mailto:[email protected]

How to add a DMARC record with Policy set to Reject into DNS using cPanels Zone Editor

Step-by-Step Guide

1/ Search for Zone Editor

In cPanel search for ‘Zone Editor’ in the top right search bar and click on Zone Editor from the search results

2/ Click on Manage

The Zone Editor will show all domains inside the cPanel account, locate the Domain requiring the MX record adding and click Manage on the right hand side

3/ Add TXT Records

In the Zone Editor there is dropdown menu next to the Add Record option, click the dropdown arrow and select ‘DMARC’ Record from the list of options

4/ Add TXT Record Details

cPanel will provide a set of options, click on the ‘Reject’ option, set the SPF & DKIM Policy and enter an email address for DMARC reports *This should NOT be a personal email address*

5/ Cpanel Confirmation

cPanel will confirm that the TXT records have been successfully added. It is advisable to wait up to 24 hours to allow for DNS Propagation before validating

Video Tutorial

Play Video


A DMARC record will now have been added, this will Reject all emails that fail based on the SPF & DKIM policy and will email reports to the email address specified. WARNING: If the DMARC policy is set to strict and the SPF or DKIM are incorrect this will likely get emails marked as spam and not delivered to inboxes