Add DMARC Record — Cloudflare

This guide walks you through adding the email security settings your domain needs — DMARC, SPF, and DKIM — using Cloudflare. These are entries in your domain’s public directory (called DNS records) that help email providers verify messages really come from you. Cloudflare is one of the most popular places to manage these settings, with free DNS hosting and near-instant updates.

📋 Before You Start

Make sure you have:

  • A Cloudflare account with your domain added
  • Your domain’s nameservers pointing to Cloudflare (e.g., ada.ns.cloudflare.com)
  • Your DMARC record value — use our DMARC Record Generator if you don’t have one
  • Your SPF record value — check your email provider’s documentation for the correct include: statements

Step 1: Add Your DMARC Record

  1. Log in to the Cloudflare Dashboard at dash.cloudflare.com
  2. Select your domain from the list
  3. Click DNS in the left sidebar, then Records
  4. Click the + Add record button
  5. Fill in the fields:
    Type TXT
    Name _dmarc
    Content v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
    TTL Auto (recommended)
  6. Click Save
💡 Pro Tip
Cloudflare automatically appends your domain to the record name. Enter just _dmarc, not _dmarc.yourdomain.com. Cloudflare shows the full name in the record list after saving.

Step 2: Add or Update Your SPF Record

SPF goes on the root domain (the @ record). You should only have one SPF record — if one already exists, edit it rather than creating a second one.

  1. Check for an existing SPF record: Look through your TXT records for one starting with v=spf1
  2. If one exists, click Edit and modify the content. If not, click + Add record
  3. Fill in the fields:
    Type TXT
    Name @
    Content v=spf1 include:_spf.google.com ~all
    TTL Auto
  4. Click Save
⚠️ Common Mistake
Never create multiple SPF records for the same domain. If you have multiple email services (e.g., Google Workspace + Mailchimp), combine them into one record: v=spf1 include:_spf.google.com include:servers.mcsv.net ~all. See SPF Record Syntax for details.

Step 3: Add DKIM Records

DKIM records are provided by your email service. For example, Google Workspace gives you a TXT record to add. The process in Cloudflare is the same:

  1. Get the DKIM record details from your email provider (name and value)
  2. In Cloudflare DNS, click + Add record
  3. Fill in the fields:
    Type TXT
    Name google._domainkey (example for Google)
    Content The DKIM value from your email provider
    TTL Auto
  4. Click Save

Cloudflare-Specific Tips

✅ Proxy Status Doesn’t Matter
TXT records don’t have a proxy toggle (orange/grey cloud). This only applies to A and CNAME records. Your email security records will work immediately.
✅ Instant Propagation
Cloudflare DNS changes usually go live within seconds. You can verify your records almost immediately after adding them.
💡 No Quotes Needed
Don’t add quotation marks around the TXT value. Cloudflare handles this automatically. Just paste the raw record value.
💡 Long DKIM Values
If your DKIM record is very long (2048-bit keys), Cloudflare will handle it correctly. Some providers require splitting, but Cloudflare does not — paste the full value.

Verify Your Records

After adding your records, verify they’re working correctly:

  1. Use the Domain Checker to verify all records are published
  2. Check that your DMARC record starts with v=DMARC1
  3. Confirm you have only one SPF record starting with v=spf1
  4. Send a test email and check the headers for SPF/DKIM/DMARC pass results

What’s Next?