How to Add a DMARC Record in Cloudflare

Adding a DMARC record in Cloudflare takes just a few minutes. Cloudflare's DNS management is fast and intuitive, and DMARC records propagate quickly through their global network.

Prerequisites

Before adding DMARC:

• Your domain must be active on Cloudflare
• You need access to the Cloudflare dashboard
• SPF and DKIM should already be configured

Check your current SPF record and DKIM setup first.

Step 1: Access Cloudflare DNS Settings

1. Log in to the Cloudflare dashboard
2. Select your domain from the list
3. Click DNS in the left sidebar

You'll see your existing DNS records.

Step 2: Add the DMARC TXT Record

1. Click Add record
2. Configure the record as follows:

3. Click Save

Notes:

• Enter only _dmarc in the Name field (Cloudflare appends your domain)
• Replace dmarc@yourdomain.com with your email address
• The Proxy status toggle doesn't apply to TXT records

Step 3: Verify the Record

Cloudflare DNS updates quickly, but verify after a few minutes:

DMARC Record Examples

Monitoring (Recommended Start)

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

Quarantine

v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com

Reject (Full Enforcement)

v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@yourdomain.com

Using Cloudflare Email Routing

If you use Cloudflare Email Routing for receiving email, your DMARC record works the same way. Email Routing affects inbound mail; DMARC affects outbound authentication.

For sending email, you still need:

• An email service provider (Gmail, Microsoft 365, etc.)
• SPF configured for that provider
• DKIM enabled with that provider

Cloudflare Email Routing is for receiving only.

Cloudflare Email Security (Area 1)

If you use Cloudflare Area 1 Email Security:

• DMARC records are still managed in DNS
• Area 1 processes can use DMARC results for filtering
• Enhanced email security features work alongside DMARC

Editing Your DMARC Record

To update an existing record:

1. Go to DNS in your Cloudflare dashboard
2. Find the _dmarc TXT record
3. Click Edit
4. Update the Content field
5. Click Save

Changes propagate almost immediately.

Deleting a DMARC Record

If you need to remove the record:

1. Find the _dmarc TXT record
2. Click Edit
3. Click Delete
4. Confirm deletion

Troubleshooting

Record Not Found

• Verify you entered _dmarc as the name (not the full domain)
• Check for typos in the name field
• Wait a few minutes and try again

Invalid DMARC Record

• Ensure the content starts with v=DMARC1
• Check the policy tag: p=none, p=quarantine, or p=reject
• Verify mailto: prefix on the rua address

Multiple DMARC Records

If you have duplicate records:

1. Keep the correct one
2. Delete extras via the Edit → Delete option

Only one DMARC record per domain is valid.

Proxy Status

The orange cloud (proxy) toggle doesn't affect TXT records. TXT records are always DNS-only. The toggle may appear grayed out.

Cloudflare API

For automation, you can add DMARC records via the Cloudflare API:

curl -X POST "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records" \
  -H "Authorization: Bearer {api_token}" \
  -H "Content-Type: application/json" \
  --data '{
    "type": "TXT",
    "name": "_dmarc",
    "content": "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com",
    "ttl": 1
  }'

Replace {zone_id} and {api_token} with your values.

Complete Checklist

• [ ] Logged into Cloudflare dashboard
• [ ] Selected correct domain
• [ ] Added TXT record with Name: _dmarc
• [ ] Set DMARC content with policy and report address
• [ ] Saved the record
• [ ] Verified with DMARC checker
• [ ] Receiving DMARC reports (after 24-48 hours)

Monitor Your DMARC Records

Checking once is good. Monitoring continuously is better. The Email Deliverability Suite watches your SPF, DKIM, DMARC, and MX records daily and alerts you when something breaks.