How to Add DMARC Record to AWS’s DNS-Route 53

Want to add DMARC record to AWS`s DNS, but you have a problem with doing it on Your own? This guide will show you how to add DMARC record to Your domain.

We strongly recommend you at first add DMARC record (Domain-based Message Authentication Reporting and Conformance ) only for monitoring: with policy none.

Here is the example

_dmarc TXT v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; sp=none;

You can use free DMARC record generator to create your’s.

Set Up the records into Route 53!

Let’s move on to add DMARC record in an easy way

Step 1.

After logging in you need to go Route 53 page from the services menu under the Networking & Content Delivery.


Step 2.

go to hosted zones under the DNS management

AWS Route 53 hosted zones

Are You on the way to add DMARC record successfully?

Step 3

Chose the appropriate domain/zone.

AWS Route 53 Zone configuration

Step 4

In the domain configuration page Create Record Set and chose the TXT as type


Step 5

Create the TXT record as it shows this example.

It can take several minutes or even several hours until your DNS record will be updated worldwide. Wait for a little after test DMARC record by free DMARC check tool.

If the DNS propagation done you should see the result like this

p.s. for policy none you will see the red line.

Remember, only DMARC record with “p=reject” policy is the most powerful and industry standard email authentication system. However achieving “p=reject” is hard, because putting it in DNS without proper monitoring, can get your perfectly valid emails to be rejected.

After a day or 2 email service providers will start to send DMARC XML reports to the email address that you have published in your DMARC record. You need to collect and analize  aggregated reports which can give you deep inside of you email flow.

Aggregated reports are in XML format and it is hard to analyze them. You can use free DMARC XML analyzer for visualization.


You can use the EasyDMARC to automate the process and receive notifications and suggestions to improve your email security.

Are you running on a different DNS provider?

Then one of these posts might be useful

Check other posts below

SPF Record Lookup in 3 Steps

E-mail authentication became more and more important as e-mail phishing attacks grow and the average loss for mid size companies become bigger and bigger. EasyDMARC's SPF record lookup tool shows that 68% of checked domains have issues with SPF record. In general, e-mail authentication can...

Read More

How To Add DMARC Record To GoDaddy in 3 easy steps

E-mail authentication plays an important role to allow e-mail receiver identify the sender. Obviously, DMARC is one of the best industry solutions to prevent your business domain from phishing and email fraud. In this post we will show you how to create GoDaddy DNS DMARC...

Read More

How to Add DMARC Record to Azure DNS

DMARC is an email authentication standard, policy, and reporting protocol. In EasyDMARC the DMARC record is mandatory to start receiving aggregated reports for your domain. Before moving forward we recommend to start by checking your domain for the DMARC record. This guide will show how to...

Read More