How to Set up a DMARC Record in Cloudflare

Having a well-configured DMARC increases your open rate by 10% on average.

It also prevents bad guys from abusing your sending domain for phishing attacks.

A well-configured DMARC record also increases your chances of reaching your audience’s inbox.

We’ll guide you through the step-by-step process of configuring a DMARC record within Cloudflare's DNS management platform.

What Is DMARC?

A DMARC record is used to authenticate a sending domain.

If someone impersonates you and sends email from, the DMARC record helps prevent those fraudulent emails from being delivered to recipients.

As such, DMARC helps prevent spoofing and phishing attacks.

Before implementing DMARC, ensure you have your SPF and DKIM records set up. They should have been functioning properly for at least 48 hours before activating DMARC.

Preparing Your DMARC Record 📝

While a DMARC record may look complicated, it’s actually a straightforward line of text.

Check out this example DMARC record:

👉 v=DMARC1; p=none; rua=mailto:youremail@yourdomain.com

A DMARC record consists of three parts. The “v,” the “p,” and the “rua.”

• The “v” stands for version, but since there’s only one valid version currently, it’s always the same string: “v=DMARC1”.
• The “p” is the action the receiving email server needs to take if an email fails authentication.
• The “rua” specifies where to send DMARC reports (your email).

The only component that needs some additional explanation is the “p” part. That’s because it has three different options for handling unauthenticated email.

With “none”, email servers deliver the email even if it fails authentication. With no protection against unauthorized emails, this sounds like a useless option. However, this is where you should start because it allows you to identify deliverability problems and make  necessary adjustments. The “none” setting will help you gain visibility into the authentication status of your emails without impacting email deliverability.

The “quarantine” setting is much simpler. If an email fails authentication, it is sent to the spam folder.

And “reject” instructs email servers not to deliver the email at all!

If you take the DMARC example we just gave you and adjust your email, you’ll have a good starting point.

Adding Your DMARC Record to Cloudflare 🧑‍💻

1. Log in to Cloudflare
2. Select your domain
3. Click the DNS button
4. Click “Add” to add a new record
5. Choose TXT as the record type
6. The host field should be set to ‘_dmarc’
7. Now enter your DMARC record in the following field
8. Click the “Add Record” button

You’ve just added your DMARC record!

Validating DMARC ✅

It can take up to 48 hours for your DMARC record to activate.

Usually, it’ll propagate much faster than that.

After an hour or two, use a DNS checker to see if the record is active.

Some services, like lemwarm, provide a DNS checker.

The cool thing about lemwarm’s DNS Checks feature is that it checks your complete technical setup, not just DMARC.

Is Your Technical Setup Complete? ❓

You just took an important step toward completing your technical setup.

However, DMARC isn’t the only DNS record to set up.

You also need to activate your MX, SPF, and DKIM records, and you should set them up before activating DMARC.

Another critical component of completing the technical setup is a Custom Tracking Domain. Email Service Providers will use their tracking domain. This domain is generic and used by many of their customers. Your deliverability will improve if you use your own Custom Tracking Domain.

Lastly, if you have a new email address and start sending hundreds of emails just like that, most of your emails will land in spam.

Instead, you need to warm your email up. You can use an email warm-up service to gradually increase your sending volume while also getting replies and engagement.

One such service is lemwarm. It runs on autopilot and is designed to get you open rates of 65% or more.

‍