Defaults.Exposed › Setup › DMARC

How to set up DMARC on IONOS

Add a DMARC record in IONOS to tell mail providers what to do with email that fails your checks.

Why this matters to your business

DMARC ties SPF and DKIM together and adds the missing instruction: what should a receiving mail provider do when an email claiming to be from you fails the checks? Without DMARC, each provider guesses. With it, you decide — and you can ask them to send you reports showing who is sending mail in your name.

In plain terms: DMARC is what actually stops criminals from spoofing your domain to scam your customers or staff. It’s the policy on top of the locks SPF and DKIM provide — free, and well worth the few minutes.

Set up SPF and DKIM first

DMARC works by checking the results of SPF and DKIM. If you haven’t added those yet, do them first — a DMARC policy with nothing underneath it has nothing to enforce.

Confirm IONOS runs your DNS

This record only works if IONOS is answering DNS for your domain. IONOS is your DNS host here, which is only the case when your domain’s nameservers point to IONOS’s nameservers. In your IONOS account, open Domains & SSL, select your domain, and check the Nameserver settings. If they point to IONOS, continue below. If they point to another company (a different web host, Cloudflare, your email provider), add the DMARC record at whichever provider runs your DNS instead.

Step-by-step on IONOS

1. Sign in to IONOS and open Domains & SSL.
2. Click your domain, then open the DNS section to see the list of DNS records.
3. Click Add record.
4. Set Type to TXT.
5. In the Host name field, enter exactly: _dmarc Do not type your domain name after it — IONOS appends the domain for you.
6. In the Value field, start gently with a monitoring-only policy: v=DMARC1; p=none; rua=mailto:[email protected] Replace the address with a mailbox you actually read. This asks providers to email you summary reports without changing how any mail is treated yet.
7. Leave TTL at the default (1 hour is fine).
8. Click Save.

Choosing your policy (the p= part)

• p=none — monitor only. Nothing is blocked; you just receive reports. Start here.
• p=quarantine — send failing mail to spam/junk.
• p=reject — refuse failing mail outright (the strongest protection).

Run p=none for a few weeks, read the reports to confirm all your legitimate mail passes, then move up to quarantine and finally reject. Jumping straight to reject before you’ve checked the reports risks blocking your own genuine email.

IONOS quirks people get wrong

• Host name is _dmarc, with the underscore. A common mistake is leaving the underscore off, or typing _dmarc.yourdomain.com — in IONOS you enter just _dmarc. The leading underscore is required; don’t drop it.
• Don’t add your own quotes. Paste the plain value beginning v=DMARC1;. IONOS handles the quoting itself; manual " marks can break the record.
• One DMARC record only. Like SPF, there must be a single DMARC TXT record. If one exists, edit it rather than adding a second.
• The DNS section is per-domain. IONOS keeps DNS records under each individual domain — make sure you opened the right domain before adding the record.
• Use a real reporting mailbox. The address after rua=mailto: should be one you genuinely check, or the reports are wasted. It can be on the same domain or a different one.
• Give it time. DNS changes can take a few minutes up to a couple of hours to take effect.

Verify it worked

Once saved and propagated, run the free check on this site. It will tell you in plain language whether your DMARC record is in place and what policy you’ve set.

Done? Check your domain free to confirm it worked — and see your full grade across all 34 checks.