DMARC (Domain-based Message Authentication, Reporting, and Conformance) allows you to configure how a mail server handles receiving email from a specific domain when the emails SPF or DKIM checks fail. DMARC records can be added using the Zone Editor interface in cPanel:
- Login to cPanel for your hosting account.
- Use the cPanel search to locate and click on the "Zone Editor" interface:
- From the "Zone Editor" interface you will see your domain(s) listed. Click "Manage" to the right of the domain name that needs a DMARC record:
- You will be redirected to the Zone Editor for your domain. From the middle-right of the page select the dropdown arrow next to "+ Add Record" and select "Add "DMARC" Record":
- A new DNS entry will appear with the name "_dmarc.yourdomainname.com" with a default TTL of 14400 and a type TXT. You will now need to configure your DMARC record for how you'd like receiving mail servers to handle email from your domain when there is an SPF or DKIM check failure. There are three default options:
None: Do not take any action.
Quarantine: Send spam email to a different folder on the account.
Reject: Reject spam email.
- If you wish to apply further customizations to the DMARC record instead of relying on the default selected policy you can click the "Optional Parameters" dropdown to view your full list of configuration options:
- When you have completed configuring your DMARC record click "Save Record". cPanel will automatically populate a TXT record for your newly created DMARC record.
- You can verify your DMARC record using any publicly available online tools or through a command line /SSH interface using the dig command. In the below example replace "_dmarc.hawkhost-ssl.com" with "_dmarc.yourdomainname.com":
user@system~> dig TXT +short _dmarc.hawkhost-ssl.com