Last updated: July 2026
In short: After this guide your domain publishes a DMARC TXT record in the GoDaddy DNS zone — either GoDaddy’s ready value or your own, safely staged from observation to enforcement.
Prerequisites
- A domain whose DNS is managed at GoDaddy
- SPF and DKIM must be in place first — GoDaddy states plainly that before you add DMARC, you must add SPF and DKIM
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM, as GoDaddy’s docs put it, letting you set policies for handling unauthenticated emails and receive reports on the results. Major providers like Google, Yahoo, AOL and Verizon now require these protocols — without them your messages may bounce.
Good news: starting April 2025, all new domains purchased with GoDaddy have DMARC set up automatically. If your domain is older, you add it yourself.
The policies
GoDaddy names the three policies concisely:
p=none— the receiving email server performs no action against unauthenticated email, but sends a report (observe)p=quarantine— the receiving email server quarantines unauthenticated email (spam/junk); this is the policy GoDaddy recommendsp=reject— the receiving email server denies and blocks unauthenticated email
This is also the order in which you switch DMARC to enforcing.
Step-by-step guide
1. (Optional) Start with observation
If you want to watch first, begin at p=none with a report address you control:
v=DMARC1; p=none; rua=mailto:dmarc@beispiel.de
In your GoDaddy Domain Portfolio, open DNS → Add New Record:
| Field | Value |
|---|---|
| Type | TXT |
| Name | _dmarc |
| Value | (your DMARC string) |
| TTL | Default |
2. Use GoDaddy’s documented value
GoDaddy documents a ready-to-use record at p=quarantine. Its value is:
v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto:dmarc_rua@onsecureserver.net;
The email address following rua= is where the daily reports go — by default to GoDaddy, containing only technical authentication data (no personal information). You can change this address to your own DMARC monitor if you prefer.
3. Read reports, clean up sources
After one or two weeks the reports show which sources don’t yet pass SPF/DKIM. Only once all legitimate senders are clean do you tighten.
4. Stagger up to reject
v=DMARC1; p=reject; rua=mailto:dmarc@beispiel.de
Enter the updated string as the Value of the same _dmarc record and Save.
5. Wait until the change is live
Most DNS changes take effect within an hour but could take up to 48 hours to update globally.
The most important tags
| Tag | Meaning |
|---|---|
v=DMARC1 | version, must be at the start |
p= | policy: none / quarantine / reject |
rua= | address for aggregated reports |
adkim= / aspf= | alignment (r relaxed, s strict) |
sp= | policy for subdomains |
Verify the result
Check your configuration with the free MXAudit scanner — it shows you DMARC, SPF, and DKIM at a glance.
Common mistakes
DMARC without SPF/DKIM. GoDaddy requires SPF and DKIM first — DMARC builds on them.
Leaving reports at GoDaddy forever. The default rua goes to GoDaddy; to actually act on the data, point it at a DMARC monitor you read.
Straight to reject. Without a none/quarantine phase you risk blocking legitimate sources.
A second _dmarc record. Only one DMARC record belongs on _dmarc — edit the existing one instead of adding another.
Further reading
- GoDaddy Help: What is DKIM, DMARC and SPF? (retrieved: July 10, 2026)
- GoDaddy Help: Set up SPF, DKIM, or DMARC records for my hosting email (retrieved: July 10, 2026)
- RFC 7489 — DMARC
