How to add a DMARC record in GoDaddy (step-by-step)
GoDaddy hosts millions of domains but doesn't set up DMARC for you. Here's exactly how to add your DMARC record in the GoDaddy DNS interface, with screenshots-free clarity.
GoDaddy is one of the largest domain registrars. Millions of businesses host their DNS there. Most have no DMARC record.
Thatâs not GoDaddyâs fault. They provide DNS management tools. They donât configure email authentication for you.
Adding a DMARC record in GoDaddy takes about 5 minutes. The interface isnât always intuitive, and one wrong character can break everything.
This guide walks you through the exact steps, from login to verification.
Before you start
Youâll need access to your GoDaddy account with permission to edit DNS. Youâll also need a DMARCTrust account to receive and monitor reports, which weâll set up in the first step.
Step 1: get your DMARCTrust reporting address
Before touching GoDaddy, you need a reporting address. Without one, your DMARC record is just a policy with no visibility.
Sign up for DMARCTrust (free tier available) and add your domain. Youâll get a unique reporting address that looks like this:
[email protected]
Now use our DMARC generator to create your full record. Select p=none for monitoring and paste your reporting address in the rua field. The generator outputs something like:
v=DMARC1; p=none; rua=mailto:[email protected];
Copy this value. Youâll paste it into GoDaddy next.
Step 2: log into GoDaddy
Go to godaddy.com and sign in to your account.
Once logged in, you need to find your domainâs DNS settings. GoDaddyâs interface changes occasionally, but hereâs the current path.
The fastest option: click your profile icon in the top right, select My Products, find your domain under Domains, and click DNS next to the domain name.
Alternatively, go to Domain Portfolio from the main menu, click directly on your domain name, then select DNS from the domain settings.
Either path gets you to the same place: the DNS management screen for your domain.
Step 3: find the DNS records section
Once youâre in DNS management, youâll see a list of existing records. These might include A records pointing to IP addresses, CNAME records for aliases, MX records for mail servers, and TXT records including SPF.
Look for the Add button or Add New Record option. In most GoDaddy interfaces, itâs near the top of the records list.
Step 4: add the DMARC TXT record
Click Add (or Add New Record), then fill in these fields:
| Field | Value |
|---|---|
| Type | TXT |
| Name / Host | _dmarc |
| Value / TXT Value | Your DMARC record (from Step 1) |
| TTL | Leave as default (usually 1 hour or 3600) |
The Name field should be exactly _dmarc (with the underscore). GoDaddy will automatically append your domain, so it becomes _dmarc.yourdomain.com. Donât add quotes around the Value unless GoDaddyâs interface specifically requires them, which it usually doesnât. Donât include the domain name in the Name field, just _dmarc.
Example of what youâre entering:
Name: _dmarc
Value: v=DMARC1; p=none; rua=mailto:[email protected];
Step 5: save the record
Click Save or Add Record (the button text varies).
GoDaddy will confirm that the record was added. You should now see it in your DNS records list as a TXT record with the name _dmarc.
Step 6: verify it works
DNS changes can take anywhere from a few minutes to 48 hours to propagate globally. In practice, GoDaddy updates are usually visible within an hour.
To verify your DMARC record is live, go to DMARCTrustâs domain checker, enter your domain name, and check the DMARC section.
You should see your record displayed with a green checkmark. If itâs not showing up yet, wait an hour and try again.
Common mistakes to avoid
Mistake 1: wrong name format
The Name field should be _dmarc. Not _dmarc.yourdomain.com (GoDaddy adds the domain automatically). Not dmarc (missing the underscore). Not @._dmarc (no @ symbol needed).
Mistake 2: multiple DMARC records
You can only have one DMARC record per domain. If you already have a _dmarc TXT record, edit it instead of creating a new one. Multiple DMARC records cause receivers to ignore all of them.
Mistake 3: syntax errors in the value
DMARC records are picky about formatting. They must start with v=DMARC1; and semicolons separate each tag. There should be no spaces around the = signs, and the mailto: prefix is required for reporting addresses.
Use our DMARC generator to avoid syntax errors.
Mistake 4: forgetting to monitor
Adding a DMARC record without monitoring is like installing a security camera that doesnât record. Youâve done the work, but you have no visibility into whatâs happening.
DMARC reports are XML files that arrive via email. They look like this:
<record>
<row>
<source_ip>192.0.2.1</source_ip>
<count>847</count>
<policy_evaluated>
<dkim>fail</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
</record>
Youâre not going to read these manually. Nobody does.
Why monitoring matters
Without monitoring, you wonât know which services are sending email as your domain. You wonât know whether SPF and DKIM are properly aligned. You wonât know if someone is spoofing your domain. And you wonât know when itâs safe to move from p=none to p=reject.
Youâll add the DMARC record, feel good about yourself, and then⊠nothing. No visibility. No alerts. No path to enforcement.
This is why we built DMARCTrust.
When you add your domain to DMARCTrust, you get a unique reporting address to use in your DMARC recordâs rua tag. Every report from every email provider gets parsed automatically. Visual dashboards show pass/fail rates, sending sources, and alignment issues. And you get alerts when something breaks or changes.
The reporting address makes this work. Instead of reports piling up in an inbox you never check, they flow into DMARCTrust where theyâre parsed, analyzed, and turned into something you can act on.
Summary
Youâve now completed the setup. You created a DMARCTrust account and added your domain. You got your unique reporting address. You generated your DMARC record with that address. You added the record in GoDaddy. And you verified itâs working with our domain checker.
Reports start arriving within 24-48 hours. Review your DMARCTrust dashboard to see whoâs sending as your domain, then fix any alignment issues and gradually move toward enforcement (p=quarantine, then p=reject).
After GoDaddy: whatâs next
Adding the DMARC record is step one. Hereâs what comes after.
In the first couple of weeks, reports start arriving. Review them in DMARCTrust to identify all legitimate senders.
Over the next couple of weeks, fix any alignment issues. Make sure your email services (Microsoft 365, Google Workspace, marketing tools) are properly authenticated.
Around month two, consider moving to p=quarantine with a low percentage (pct=10) to test enforcement on a subset of traffic. Our enforcement playbook explains this gradual approach.
From month three onward, gradually increase enforcement until you reach p=reject, the gold standard that blocks spoofed emails entirely.
Donât rush this process. The goal is to protect your domain without blocking legitimate email. Monitoring makes that possible.
Check your domain now
Enter your domain in our free checker. Youâll immediately see whether your DMARC record is configured correctly.
But hereâs the reality: a DMARC record without monitoring is just a DNS entry. It doesnât protect you. It doesnât tell you whoâs sending as your domain. It doesnât help you reach p=reject. The record sits there, collecting reports that nobody reads.
Thatâs why adding a DMARC record and signing up for DMARCTrust are the same step. When you create your account, you get a unique reporting address. That address goes in your DMARC record. Reports flow to our dashboard. You see everything.
GoDaddy gives you the DNS. DMARCTrust gives you the visibility. One without the other is incomplete.
