You may choose to connect Authenticate for reporting purposes only.

You can start seeing your senders, spoofers, and email auth results by simply including in your DMARC record.

You might want to do this if

  • your DNS host doesn’t support NS records
  • you need permission for other edits
  • you are just trying things out

The system won’t be able to authenticate email this way, but you will gain visibility and can choose to unlock the system's full power later.

To fully point DMARC policy control to the app, follow this guide.

How to connect for DMARC reporting only

1. Login to your DNS host and find how to edit your TXT records. Different hosts put these controls different places. It may help to review this guide just to find out how to get to the right controls.

2. If you have a DMARC record already, add one recipient.

Look for a record that begins with "v=DMARC1" this will be your DMARC record. Simply add this address to the rua=

Be aware that

  • use a comma between each recipient
  • always end a DMARC record with a semicolon

Editing DNS records can be tricky and is a reason many people choose a product like this.

For example:,

If you don't have a DMARC record already, create one. We suggest you start with this record:

v=DMARC1; p=none;;

You can set the Time to Live (TTL) to 600 seconds, or another number if needed.

What does this do?

The rua parameter holds "Reporting URIs for Aggregate data." Think of it as a list of subscribers who should be emailed DMARC aggregate reports.

DMARC aggregate reports never contain PII (personally identifiable information).

Learn more about DMARC records and data