Defaults.Exposed › Setup › DMARC

How to set up DMARC on Bluehost

Add a DMARC record in Bluehost to tell mail providers what to do with email that fails your checks.

Why this matters to your business

DMARC ties SPF and DKIM together and adds the missing instruction: what should a receiving mail provider do when an email claiming to be from you fails the checks? Without DMARC, each provider guesses. With it, you decide — and you can ask them to send you reports showing who is sending mail in your name.

In plain terms: DMARC is what actually stops criminals from spoofing your domain to scam your customers or staff. It’s the policy on top of the locks SPF and DKIM provide — free, and well worth the few minutes.

Set up SPF and DKIM first

DMARC works by checking the results of SPF and DKIM. If you haven’t added those yet, do them first — a DMARC policy with nothing underneath it has nothing to enforce.

Confirm Bluehost runs your DNS

This record only works if Bluehost is answering DNS for your domain. Bluehost is your DNS host here, which is only the case when your domain’s nameservers point to Bluehost’s nameservers. In your Bluehost account, open Domains, select your domain, and check the Nameservers section. If they point to Bluehost, continue below. If they point to another company (a different web host, Cloudflare, your email provider), add the DMARC record at whichever provider runs your DNS instead.

Step-by-step on Bluehost

1. Sign in to Bluehost and open the Domains section.
2. Select your domain and open its DNS settings (look for DNS / DNS Records / Manage).
3. Find the area for adding a record (look for Add Record).
4. Set Type to TXT.
5. In the Host Record (Name) field, enter exactly: _dmarc Do not type your domain name after it — Bluehost appends the domain for you.
6. In the TXT Value field, start gently with a monitoring-only policy: v=DMARC1; p=none; rua=mailto:[email protected] Replace the address with a mailbox you actually read. This asks providers to email you summary reports without changing how any mail is treated yet.
7. Leave TTL at the default.
8. Click Save.

Choosing your policy (the p= part)

• p=none — monitor only. Nothing is blocked; you just receive reports. Start here.
• p=quarantine — send failing mail to spam/junk.
• p=reject — refuse failing mail outright (the strongest protection).

Run p=none for a few weeks, read the reports to confirm all your legitimate mail passes, then move up to quarantine and finally reject. Jumping straight to reject before you’ve checked the reports risks blocking your own genuine email.

Bluehost quirks people get wrong

• Host Record is _dmarc, with the underscore. A common mistake is leaving the underscore off, or typing _dmarc.yourdomain.com — in Bluehost you enter just _dmarc. The leading underscore is required; don’t drop it.
• Don’t add your own quotes. Paste the plain value beginning v=DMARC1;. Bluehost handles the quoting itself; manual " marks can break the record.
• One DMARC record only. Like SPF, there must be a single DMARC TXT record. If one exists, edit it rather than adding a second.
• Watch where DNS is managed. Some Bluehost domains have DNS managed through the hosting control panel and others through the domain area; make sure you’re editing the zone that’s actually live for your domain.
• Use a real reporting mailbox. The address after rua=mailto: should be one you genuinely check, or the reports are wasted. It can be on the same domain or a different one.
• Give it time. DNS changes can take a few minutes up to a couple of hours to take effect.

Verify it worked

Once saved and propagated, run the free check on this site. It will tell you in plain language whether your DMARC record is in place and what policy you’ve set.

Done? Check your domain free to confirm it worked — and see your full grade across all 34 checks.