Last updated: July 2026

In short: After this guide your domain publishes a DMARC TXT record in the GoDaddy DNS zone — either GoDaddy’s ready value or your own, safely staged from observation to enforcement.

Prerequisites

  • A domain whose DNS is managed at GoDaddy
  • SPF and DKIM must be in place first — GoDaddy states plainly that before you add DMARC, you must add SPF and DKIM

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM, as GoDaddy’s docs put it, letting you set policies for handling unauthenticated emails and receive reports on the results. Major providers like Google, Yahoo, AOL and Verizon now require these protocols — without them your messages may bounce.

Good news: starting April 2025, all new domains purchased with GoDaddy have DMARC set up automatically. If your domain is older, you add it yourself.

The policies

GoDaddy names the three policies concisely:

  • p=none — the receiving email server performs no action against unauthenticated email, but sends a report (observe)
  • p=quarantine — the receiving email server quarantines unauthenticated email (spam/junk); this is the policy GoDaddy recommends
  • p=reject — the receiving email server denies and blocks unauthenticated email

This is also the order in which you switch DMARC to enforcing.

Step-by-step guide

1. (Optional) Start with observation

If you want to watch first, begin at p=none with a report address you control:

v=DMARC1; p=none; rua=mailto:dmarc@beispiel.de

In your GoDaddy Domain Portfolio, open DNS → Add New Record:

FieldValue
TypeTXT
Name_dmarc
Value(your DMARC string)
TTLDefault

2. Use GoDaddy’s documented value

GoDaddy documents a ready-to-use record at p=quarantine. Its value is:

v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto:dmarc_rua@onsecureserver.net;

The email address following rua= is where the daily reports go — by default to GoDaddy, containing only technical authentication data (no personal information). You can change this address to your own DMARC monitor if you prefer.

3. Read reports, clean up sources

After one or two weeks the reports show which sources don’t yet pass SPF/DKIM. Only once all legitimate senders are clean do you tighten.

4. Stagger up to reject

v=DMARC1; p=reject; rua=mailto:dmarc@beispiel.de

Enter the updated string as the Value of the same _dmarc record and Save.

5. Wait until the change is live

Most DNS changes take effect within an hour but could take up to 48 hours to update globally.

The most important tags

TagMeaning
v=DMARC1version, must be at the start
p=policy: none / quarantine / reject
rua=address for aggregated reports
adkim= / aspf=alignment (r relaxed, s strict)
sp=policy for subdomains

Verify the result

Check your configuration with the free MXAudit scanner — it shows you DMARC, SPF, and DKIM at a glance.

Common mistakes

DMARC without SPF/DKIM. GoDaddy requires SPF and DKIM first — DMARC builds on them.

Leaving reports at GoDaddy forever. The default rua goes to GoDaddy; to actually act on the data, point it at a DMARC monitor you read.

Straight to reject. Without a none/quarantine phase you risk blocking legitimate sources.

A second _dmarc record. Only one DMARC record belongs on _dmarc — edit the existing one instead of adding another.

Further reading