How to fix "No DMARC Record Found"

DMARC record

When you use various online tools to check a domain's DMARC record, you might run into one of the errors:

"No DMARC record found"

"DMARC record not found"

"Missing DMARC record"

"Unable to find DMARC record"

"No DMARC record published"

"Hostname returned a missing or invalid DMARC record"

"DMARC policy not enabled"

Any of these messages or similar means one thing: the DMARC check reveals that your domain is not secured and is subject to spoofing attacks. Any spoofing attacker can send malicious emails using your domain, which potentially incurs damage to your brand after landing in your customers' mailboxes.

To fix this, you need to start implementing DMARC, which is the ratified industry standard for email authentication, for your domain.

What is DMARC

DMARC stands for "Domain-based Message Authentication, Reporting & Conformance". It's an email authentication protocol with reporting and policy enforcement capabilities built in. DMARC builds on top of another two widely adopted email protocols, SPF and DKIM. DMARC checks the results returned by SPF and DKIM and determines if an incoming email passes authentication or not and, depending on the policy specified in the DMARC record, takes certain action to keep malicious spoofing attempts at bay.

Here is a visual presentation of how DMARC works from dmarc.org:

How DMARC Works

Refer to the official specification of DMARC here: DMARC RFC7489.

What is a DMARC record

A DMARC record is a TXT-typed record published on a domain in the DNS, by the domain owner or administrator. When the receiving email server needs to check the incoming email against DMARC, it will look up the DMARC record on the domain extracted from the sender email address.

A DMARC record specifies the DMARC policy that's enacted when an email fails DMARC authentication using the p tag, e.g., none (no action), quarantine (move to spam), or reject (reject the email outright).

It should also specify a list of recipients of DMARC aggregate reports, using the rua tag. This way, these recipients will be able to analyze these reports to identify potential issues in the email infrastructure and rectify them if any.

Here is an example DMARC record:

v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected];

The above DMARC record prescribes that unauthenticated emails should be quarantined, DMARC aggregate reports should be sent to [email protected], and forensic reports should be sent to [email protected].

How to fix "No DMARC Record Found"

It's easy to fix this issue: you need to generate a DMARC record with appropriate settings, publish it in the DNS, then verify it.

Here are the 3 steps to fix "No DMARC Record Found".

1. Generate DMARC record

Before we can publish it, use our free DMARC record generator to generate a DMARC record.

2 things to note here. Firstly, if you are implementing DMARC for the first time, most probably you need to set the policy to none (p=none), which puts DMARC in the monitoring mode. This does not affect your email streams in any way, while allowing you to receive DMARC reports which provide insight into your email authentication status.

Secondly, you can request DMARC to send aggregate reports to a mailbox you have access to by pointing the rua tag to that mailbox. If you use DMARCLY's dashboard to generate such a DMARC record, it will set up the mailbox for you as well. This way, you don't need to worry about setting up the mailbox and maintaining it.

2. Publish the DMARC record

DMARC works by publishing a record in the DNS, so that it's accessible to receiving email servers. Once you have the record generated, you need to log in to the domain's DNS provider's dashboard to add the record.

For example, if your domain domain.com is hosted on Cloudflare, you need to log in to Cloudflare.

Here are a few links to tutorials on adding a DMARC record with various DNS services:

3. Verify the DMARC record

Once the record is published, you can use our free online DMARC checker to verify it's indeed in the DNS and accessible to all.

Previous Post Next Post

 Protect Business Email & Improve Email Deliverability

Get a 14 day trial. No credit card required.

Create Account