Domain-based Message Authentication, Reporting & Conformance (DMARC) is a record that a domain (or website) publishes in their public Domain Name System (DNS) to let a receiving mailbox provider know how email sent from that domain should be authenticated and whether it should be delivered to the spam folder or rejected if it fails that authentication. DMARC was first introduced to protect domains from being the victims of spoofing and phishing.
Why do I need a DMARC policy record?
How do I create a DMARC record?
How do I publish my DMARC record?
How is DMARC alignment checked by mailbox providers?
How do I resolve bounces caused by DMARC?
 | Tip: Are you looking for information about Constant Contact’s Email and Digital Marketing product? This article is for Constant Contact’s Lead Gen & CRM product. Head on over to the Email and Digital Marketing articles by clicking here. Not sure what the difference is? Read this article. |
Recently, Yahoo! and Google announced that starting in February of 2024, they will tighten requirements on inbound email to their users. One of these requirements is that all email sent to their users must come from a domain that is authenticated and has a published DMARC policy.
A DMARC policy is also good for your brand, as a strong policy will protect your brand from phishing attacks. If you want to do a quick check to see if your domain already has a DMARC policy in place, you can do a lookup here. You can also check the status by going to the Sending Domain & DNS Settings section in your Lead Gen & CRM instance.
You may check the status of your domain's DMARC policy from the Sending Domain & DNS Settings tab, however, to add a missing DMARC policy you'll need to access the DNS settings page from your hosting provider (i.e. GoDaddy, NameCheap, HostGator, etc.).
What you should include in your DMARC record depends on a lot of factors. If you’re just looking to get something published to comply with the new requirements, Constant Contact recommends that the following TXT record be added to your DNS settings:
| Hostname | Value |
| _dmarc.yourdomain.com | v=DMARC1; p=none |
For a DMARC record, the hostname will always start with “_dmarc.” followed by your domain. This is standardized so that the receiving mailbox providers can easily look up if you have a record.
The “p=” tag within the Value is what tells the receiving server what to do if the message fails a DMARC alignment check. There are three possible values:
Note: This is just a “bare necessities” type of record. If you have other email streams that are not yet authenticated, using this example record with a p=none value should not cause them any harm.
 | Important: For additional information about drafting a DMARC policy, please see dmarc.org. If you need help publishing your DMARC policy, your IT department or webmaster can assist you. |
If you want to take more control over your DMARC policy, you can choose to create the record with additional optional tags. For example, there are two types of reporting tags which allow the receiving domains to send reports back to an address you select regarding any alignment failures. You would use that, combined with p=none, to track down all the systems that are sending email on your behalf. Once you know that all legitimate email sent using your domain will pass a DMARC alignment check, you can upgrade the policy to p=reject.
If you want to start getting DMARC reports to determine all the systems sending email from your domain so that you can lock them down and upgrade to a strict (p=reject) policy to prevent phishing and spoofing of your domain, then you should consult with an IT professional or your hosting provider.
For more detailed information on the various tags and how you may utilize your record, please check out these additional resources:
Once you have your DMARC record, you need to enter it into your DNS settings at your hosting provider. If you’re not sure where that is, try this handy tool at MXtoolbox to look up your domain and find out who hosts your DNS settings. You should have a login for that provider, but if not, reach out to your IT department or person who helped you set up your website.
Every provider has a slightly different interface, so you’ll need to log in and follow the support prompts there. Our article for updating your DNS records may help you locate the support pages for how to enter records with the top providers.
Once you find where you need to enter the information, there are three things you need to select or enter:
Note: Some hosting providers automatically add your domain to the record, in which case you’ll only need to enter “_dmarc” for the hostname.
When a mailbox provider receives a message, they’ll first look at the domain found in the visible “friendly From” email address of a message. This domain is the foundation of DMARC. 
There are two ways to pass a DMARC check. Messages can be DMARC aligned either by DKIM or SPF:
Bounces caused by DMARC means that the domain you’re sending from has implemented a stronger DMARC policy (p=quarantine or p=reject) and email must be DKIM signed with that domain. Every Lead Gen & CRM instance requires authentication before it can send email.
Any links we provide from non-Constant Contact sites or information about non-Constant Contact products or services are provided as a courtesy and should not be construed as an endorsement by Constant Contact.
Copyright © 2025 · All Rights Reserved · Constant Contact · Privacy Center