This article is intended for customers using the paid version of our product, Enforce. Monitor customers using our free product should review our Getting Started articles.

You will need to add a DMARC NameServer (NS) record to your DNS zone to manage a domain’s DMARC policy within the Valimail system.

To enable DMARC for a domain, please add the following NS record for the “_dmarc” domain to your DNS:

Record Name:    

Record Type: NS    

Record Value:

We recommend a TTL of 300 seconds, although using a longer TTL (up to 3600 seconds) should be fine if you'd like to reduce the load on your DNS server. Please note that because of existing DNS TTLs it may take some time for Valimail to detect that you've updated your DNS with the correct settings.


DNS Host does not support custom NS records

In this case, you will need to point your DMARC record to Valimail, by adding the following CNAME record for the “_dmarc” subdomain to your DNS:

Record Name:    

Record Type: CNAME

Record Value:

When using this method, only the DMARC record and not the reporting domains are managed by Valimail. For more information about setting up external reporting domains when using a CNAME _dmarc record, click here


Best Practice

Delete the “_dmarc” TXT record from your DNS zones after you’ve added the NS record (or CNAME record).