Publish a DMARC record to protect your domain when sending transactional email through Mailgun.
TXT
_dmarc
v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1
If using a Mailgun subdomain, add the DMARC record to that subdomain: _dmarc.mg.yourdomain.com.
Ensure both SPF and DKIM are set up and verified in Mailgun for your sending domain.
Use Mailgun's API or SMTP to send a test message and check the Authentication-Results header for SPF and DKIM pass.
Add a TXT record at _dmarc.yourdomain.com (or _dmarc.mg.yourdomain.com if using a subdomain).
v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1Review DMARC reports for 2-4 weeks to ensure Mailgun emails pass alignment.
Gradually move to p=quarantine and then p=reject.
After adding your DNS records, use our free DMARC checker to verify everything is configured correctly. DNS changes typically propagate within minutes, but can take up to 48 hours.
If your root domain has a DMARC record, it applies to subdomains via the sp= tag (or defaults to the p= policy). You can add a separate DMARC record on the subdomain for a different policy.
Proper DMARC improves deliverability by signaling to receivers that you actively protect your domain. It only blocks email if authentication fails.
Send a test email via Mailgun, then inspect the email headers. Look for Authentication-Results showing dmarc=pass and verify the alignment mode (relaxed or strict).