Setting up DMARC on GoDaddy involves adding a specific TXT record to your domain’s DNS settings. This record contains instructions that email providers use to verify whether incoming messages are actually from you or from someone impersonating your domain.
The process itself is straightforward, but getting the syntax right is important because even small errors can prevent DMARC from working correctly.
Fortunately, we can help.
This guide will walk you through each step of creating and implementing a DMARC record on your GoDaddy domain. We’ll cover everything from understanding what goes into a DMARC record to adding it to your DNS settings and verifying that it’s working properly.
What is DMARC (and why you need it)
Before you get started, make sure you already have SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) configured for your domain. DMARC builds on these two authentication methods, so they need to be in place first. Not quite there yet? Use these SPF setup and DKIM setup guides
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication standard that prevents cybercriminals from impersonating your domain. It works by checking whether incoming emails pass SPF and DKIM authentication, then instructing email providers what to do with messages that fail these checks.
Without DMARC, anyone can send emails that appear to come from your domain. This leads to two major problems:
- Scammers can trick your customers into believing fraudulent emails are from you
- Email providers may start treating all emails from your domain as suspicious
DMARC gives you control over your domain’s email reputation while protecting your customers from impersonation attacks.
Not sure what your domain’s email authentication status is? Use our free domain checker to get a baseline:
Check your
domain now
Enter your domain to see if it’s vulnerable to spoofing or if others are sending emails on your behalf. Instantly check your DMARC, SPF, and BIMI status with a detailed security report.
You’re not fully protected, learn more here.
Check your
domain now
Enter your domain to see if it’s vulnerable to spoofing or if others are sending emails on your behalf. Instantly check your DMARC, SPF, and BIMI status with a detailed security report.
You’re not fully protected, learn more here.
Check your
domain now
Enter your domain to see if it’s vulnerable to spoofing or if others are sending emails on your behalf. Instantly check your DMARC, SPF, and BIMI status with a detailed security report.
You’re not fully protected, learn more here.
Your Domain
Not protected AGAINST IMPERSONATION ATTACKS
DMARC NOT AT ENFORCEMENT
exampledomain1.com
Authentication Status for January 10, 2025
DMARC at Enforcement
SPF Record Configured
BIMI Ready
exampledomain1.com
Authentication Status for January 10, 2025
DMARC at Enforcement
SPF Record Configured
BIMI Ready
GoDaddy has implemented default DMARC records for domains
Since April 2025, GoDaddy has become one of the first domain registrars to add a DMARC record by default, with a p=quarantine policy. This means that messages that fail DMARC authentication will be automatically directed to the spam or junk folders, rather than the inbox. You can still modify and adjust your DMARC policy using the same steps listed below.
This default policy applies to all new domains created after April 2025. However, if you were a customer before, they are exploring ways to extend the protections of DMARC to those domains.
This was a significant change from GoDaddy, underscoring the importance of strong DMARC policies. Don’t be left behind if you’re one of the customers who signed up before April 2025 and don’t have a DMARC record in place. Use these steps to set up your DMARC policy.
Step-by-step GoDaddy DMARC setup (No default record)
Setting up DMARC on GoDaddy involves accessing your domain’s DNS management area and adding a properly formatted TXT record. The process is similar to adding any other DNS record, but the content needs to follow specific DMARC syntax rules. Here’s how to do it:
- Log in to your GoDaddy account and access DNS management.
- Navigate to the DNS records section for your domain.
- Create a new TXT record with the DMARC subdomain.
- Enter your DMARC policy syntax in the record value.
- Save the record and wait for DNS propagation.
- Verify your DMARC record is working correctly.
1. Log in to your GoDaddy account and access DNS management
Start by logging into your GoDaddy account at godaddy.com. Once you’re in, navigate to your “My Products” section and find the domain you want to add DMARC to. Click on the domain name, then look for “DNS” or “Manage DNS” options.
This will take you to the DNS management interface, where you can view and edit all DNS records for your domain. If you have multiple domains, make sure you’re working with the correct one before making any changes.
2. Navigate to the DNS records section for your domain
In the DNS management area, you’ll see a list of existing DNS records for your domain. These might include A records, CNAME records, MX records, and possibly existing TXT records for SPF or other purposes.
Look for a button or link that says “Add Record,” “Add New Record,” or something similar. This is where you’ll create your new DMARC record. The interface may vary slightly depending on GoDaddy’s current design, but the functionality remains the same.
3. Create a new TXT record with the DMARC subdomain
When adding a new record, you’ll need to select “TXT” as the record type from a dropdown menu. In the “Name” or “Host” field, enter “_dmarc” (including the underscore). This creates a subdomain specifically for your DMARC record.
Some interfaces might automatically append your domain name, so you may only need to enter “_dmarc” rather than “_dmarc.yourdomain.com.” The TTL (Time to Live) can usually be left at the default setting, typically 600 or 3600 seconds.
4. Enter your DMARC policy syntax in the record value
In the “Value” or “Points to” field, you’ll enter your DMARC policy. For beginners, start with:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com (replace "yourdomain.com" with your actual domain). This creates a monitoring-only policy that won’t affect email delivery but will generate reports. The “v=DMARC1” specifies the DMARC version, “p=none” means no action is taken on failed emails, and “rua” sets where aggregate reports are sent.
5. Save the record and wait for DNS propagation
After entering your DMARC record information, click “Save,” “Add Record,” or whatever button completes the process in your GoDaddy interface. DNS changes don’t take effect immediately—they need to propagate across the internet, which can take anywhere from a few minutes to 48 hours (though it’s usually much faster).
During this time, the new DMARC record is being distributed to DNS servers worldwide. You won’t see any immediate changes to your email delivery during this propagation period.
How to edit your default GoDaddy record
If your domain was created after April 2025, your domain should already have a default DMARC record (with a p=quarantine policy). This is a great starting point, and it’s recommended to maintain a strong DMARC policy of quarantine or reject to ensure spoofed messages don’t reach inboxes.
However, if you need to adjust your policy or customize your reporting settings, you can easily do that:
- Log in to your GoDaddy account and open your domain’s DNS settings.
- Locate the DMARC TXT record (it will start with
_dmarc). - Click Edit to update the policy (for example, change
p=quarantinetop=rejectorp=none), or Delete it if you want to start from scratch. - Save your changes.
Your updates will take effect once DNS propagation completes, typically within a few minutes.
How to test your GoDaddy DMARC implementation
Once you’ve given the DNS changes time to propagate (wait at least 30 minutes), you can verify your DMARC record is active using online DNS lookup tools. Use our free DMARC checker tool. It’ll query the “_dmarc.yourdomain.com” subdomain and display your DMARC record if it’s properly configured. If the tool can’t find your record, wait a bit longer for propagation or double-check that you entered everything correctly in GoDaddy.
After that, you can further verify with a few other methods:
Send test emails from your domain
Once your DNS record is confirmed, send a few test emails from your domain to different email providers like Gmail, Yahoo, and Outlook. Use your normal email setup: don’t change anything about how you usually send emails. These test messages help verify that your DMARC record isn’t interfering with legitimate email delivery.
If you’re starting with a “p=none” policy, your emails should deliver normally while DMARC quietly monitors authentication results in the background.
Check for DMARC reports
You should start receiving aggregate reports at the email address you specified in your “rua” tag within 24-48 hours of your DMARC record going live. These reports come from email providers like Gmail, Yahoo, and others, showing you which emails passed or failed DMARC authentication. The reports arrive in XML format and can be hard to read without specialized solutions (like Valimail Monitor), but their presence alone indicates that your DMARC record is working and email providers are honoring your policy.
Monitor authentication results
Use a solution like Valimail Monitor (which is free) or other DMARC analysis platforms to help interpret your reports and track authentication results. These tools convert complex XML reports into readable dashboards that show you which sending sources are passing DMARC (and which ones might need attention).
Monitor your reports closely during your first few weeks to identify any legitimate senders that might need SPF or DKIM configuration adjustments.
Frequently asked questions about GoDaddy DMARC setup
Q: Does GoDaddy charge extra for adding DMARC records?
No, adding DNS records, including DMARC, is included with domain registration and doesn’t cost extra. You can add as many TXT records as needed for email authentication without additional fees. However, if you’re using GoDaddy’s premium DNS service, that’s a separate paid feature, but standard DNS management for DMARC is always free.
Q: Why does GoDaddy keep adding my domain name to the end of my DMARC record?
GoDaddy’s DNS interface automatically appends your domain name to certain record types. When you enter “_dmarc” in the name field, GoDaddy creates “_dmarc.yourdomain.com” behind the scenes. This is normal behavior and exactly what you want for DMARC records. Don’t try to enter the full “_dmarc.yourdomain.com” yourself, as this would create “_dmarc.yourdomain.com.yourdomain.com” which won’t work.
Q: Can I use GoDaddy’s email forwarding with DMARC?
GoDaddy’s email forwarding can complicate DMARC because forwarded emails often fail SPF checks when they reach their final destination. If you’re using email forwarding, start with relaxed alignment settings (“aspf=r”) and monitor your DMARC reports carefully. Consider upgrading to GoDaddy’s hosted email solution or another email provider that better supports DMARC if forwarding issues continue.
Q: What should I do if GoDaddy’s DNS interface won’t accept my DMARC record?
Check that you’re using “TXT” as the record type, not “CNAME” or another option. Make sure your DMARC policy doesn’t contain any line breaks or extra spaces: it should all be on one line. If GoDaddy shows an error about invalid characters, double-check your syntax, especially around semicolons and email addresses. Try removing optional tags and using only the basic “v=DMARC1; p=none; rua=mailto:youremail” format first.
Q: Does GoDaddy provide any built-in DMARC reporting or analysis tools?
GoDaddy doesn’t offer native DMARC report analysis tools. You’ll need to use third-party services or solutions like Valimail Monitor to interpret the XML reports you receive. GoDaddy focuses on domain and DNS management rather than email security analysis.
Q: Why does GoDaddy set a default DMARC policy on my domain now?
GoDaddy analyzed millions of its existing domains and discovered many of them weren’t using DMARC. If there were DMARC records, most of them only had a monitoring policy, meaning that many domains were still vulnerable to phishing. They manage millions of domains, and their DMARC initiative will help strengthen the security of the email ecosystem.
Maintain your DMARC policy with ease in the Valimail platform
Congratulations! You’ve (hopefully) successfully added a DMARC record to GoDaddy (if you didn’t already have one by default). Now, the fun part is just starting. Next, you get to watch the DMARC reports start pouring in and learn more about your email program.
Unfortunately, parsing raw XML files and trying to interpret authentication data can be a headache without the right tools. On the bright side, we have a free tool that does it for you: Valimail Monitor.
Valimail Monitor takes the guesswork out of DMARC management. Instead of wrestling with confusing reports, you get a clear dashboard showing which senders are passing authentication and which ones need attention. You’ll spot potential security threats faster and identify legitimate services that need SPF or DKIM fixes before they cause delivery problems.
Monitor is completely free and works with any domain, including those hosted on GoDaddy.
