Skip to content
More support
Open Ticket
  • There are no suggestions because the search field is empty.

I created a DMARC record, but I am still getting an error.

DMARC records can fail validation for several reasons. Below, we’ve highlighted the most common cases along with simple tips on how to fix them.

1. Subdomain syntax in the “Host/Name” field:  DMARC must always be published under the subdomain _dmarc.yourdomain.com. However, some DNS providers handle this field differently. If you enter the full subdomain (_dmarc.yourdomain.com), the system may automatically append your domain again, resulting in something like _dmarc.yourdomain.com.yourdomain.com, which makes the record invalid.

Fix: When adding the record, use only _dmarc in the Host/Name field and let your DNS provider attach the domain name automatically.

Before fixing:

undefined-Sep-08-2025-02-21-28-3849-PM

After fixing:

undefined-Sep-08-2025-02-21-49-4005-PM

2. Multiple DMARC records in DNS: When EasyDMARC’s Managed DMARC solution is activated by adding a CNAME-type DMARC record, the old TXT-type DMARC record is sometimes left in place. This creates multiple DMARC records for the same domain, which is not allowed. As a domain can only have one DMARC record, this results in a validation failure.

undefined-Sep-08-2025-02-22-10-6021-PM

Fix: To fix this, go to your DNS management portal, find the old TXT-type DMARC record, and remove it. Once removed, the DMARC validation issue should be resolved.


3. Syntax issues: DMARC validation failures can also occur due to syntax errors (e.g., one or more required tags are missing). Check the record using the DMARC lookup tool to see if there are any issues with the record.

The lookup tool will show exactly if there are any issues with your DMARC record, so you can move forward with fixing it.
You can then generate a new valid record using the DMARC generator tool to avoid any human errors or syntax issues and make sure that the record is valid. Once done, the tool will provide you with the valid record that you need to publish in the DNS instead of the old invalid one.


Common misunderstanding

When DMARC is valid but the policy is set to p=none or p=quarantine, you will see an informational warning in EasyDMARC:

“Your DMARC record is set to None (p=none) or Quarantine (p=quarantine) policy, which will not protect against email spoofing and phishing. Enhance your policy to Reject (p=reject) by regularly monitoring legitimate email senders through DMARC Aggregate Reports for improved security.”

undefined-Sep-08-2025-02-23-11-0438-PM

If you see this, it doesn’t mean your setup is wrong. It simply indicates that your DMARC policy is still in monitoring mode. Starting with p=none is a best practice, as it allows you to track your email flows and confirm all legitimate sources are correctly configured before moving to stricter policies like p=quarantine or p=reject. This step-by-step approach helps you strengthen security without the risk of blocking legitimate emails.

In case any questions arise, feel free to contact EasyDMARC technical support.