DMARC: CNAME record present along with DMARC TXT record
What this means
Both a CNAME record and a TXT record exist at the same fully qualified DMARC name, for example _dmarc.example.com.
Why this is a problem
The DNS specifications (RFC 1034 and RFC 2181) do not allow a CNAME record to coexist with any other record at the same name, apart from the DNSSEC records that sign it. How name servers and resolvers handle such a zone is therefore undefined: some refuse to load or serve it, others answer with one of the records and silently drop the other.
If a receiver retrieves more than one DMARC record for a domain, the DMARC specification (RFC 7489) requires it to stop policy discovery and treat the domain as having no DMARC policy at all, so your policy will not be enforced.
This increases the chances of spoofed emails claiming to come from your domain being accepted by receivers, and in some circumstances it can affect email deliverability.
How to check if the problem is there
Check the authoritative data for your DNS zone for more than one record type at the same ‘_dmarc’ fully qualified domain name (for example _dmarc.example.com). Look at the zone itself rather than at a recursive resolver, because a resolver that sees the CNAME may follow it and never show you the conflicting TXT record.
You might want to use the following online tools to check for this issue:
- National Cyber Security Centre’s (NCSC) check your email security tool
- Hardenize’s domain report tool
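As an added offline check that is not part of the original guidance or of the tools listed above: the following Python script reads a BIND-style zone export (one record per line, as a zone transfer or ‘dig’ prints them), groups records by owner name, and reports any ‘_dmarc’ name where a CNAME coexists with a non-DNSSEC record, plus any ‘_dmarc’ name carrying more than one DMARC TXT record. The zone contents, domain names and provider name in it are constructed for illustration only.

```python
"""
Detect CNAME/TXT conflicts and duplicate policies at _dmarc names in a
BIND-style zone export.

Added example, not part of the original guidance. The zone text below is
constructed; owner names are assumed to be fully qualified (trailing dot)
and each record to sit on one line, as 'dig +noall +answer' or a zone
transfer prints them.
"""
import re
from collections import defaultdict

# DNSSEC records that sign a name may legitimately sit next to a CNAME.
DNSSEC_TYPES = {"RRSIG", "NSEC", "NSEC3"}

# owner  TTL  class  type  rdata
ZONE_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$")

# Constructed sample zone: one genuine conflict at _dmarc.example.com,
# one legitimate subdomain policy, and one duplicated subdomain policy.
SAMPLE_ZONE = """
; constructed example zone, not real data
example.com.             3600 IN SOA   ns1.example.com. hostmaster.example.com. 1 7200 3600 1209600 3600
example.com.             3600 IN MX    10 mail.example.com.
_dmarc.example.com.      3600 IN CNAME dmarc.provider.example.net.
_dmarc.example.com.      3600 IN TXT   "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
_dmarc.mail.example.com. 3600 IN TXT   "v=DMARC1; p=quarantine"
_dmarc.shop.example.com. 3600 IN TXT   "v=DMARC1; p=none"
_dmarc.shop.example.com. 3600 IN TXT   "v=DMARC1; p=reject"
"""


def parse_zone(text):
    """Return {owner_name: [(record_type, rdata), ...]} for every record line."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        match = ZONE_LINE.match(line)
        if not match:
            raise ValueError(f"unparsed zone line: {line!r}")
        owner, _ttl, rtype, rdata = match.groups()
        # DNS names are case-insensitive, so normalise before grouping.
        records[owner.lower()].append((rtype.upper(), rdata))
    return records


def find_dmarc_conflicts(records):
    """Return a sorted list of (owner_name, problem) for _dmarc owner names.

    Problems reported:
      cname-conflict  a CNAME coexists with a non-DNSSEC record type
      multiple-dmarc  more than one TXT record beginning with v=DMARC1
    """
    problems = []
    for owner, rrs in records.items():
        if not owner.startswith("_dmarc."):
            continue
        types = {rtype for rtype, _ in rrs}
        if "CNAME" in types and (types - DNSSEC_TYPES) != {"CNAME"}:
            problems.append((owner, "cname-conflict"))
        dmarc_txt = [
            rdata for rtype, rdata in rrs
            if rtype == "TXT" and rdata.strip('"').lower().startswith("v=dmarc1")
        ]
        if len(dmarc_txt) > 1:
            problems.append((owner, "multiple-dmarc"))
    return sorted(problems)


def main():
    for owner, problem in find_dmarc_conflicts(parse_zone(SAMPLE_ZONE)):
        print(f"{owner}: {problem}")


if __name__ == "__main__":
    main()
```

Run against the constructed zone, the script reports _dmarc.example.com as a cname-conflict and _dmarc.shop.example.com as multiple-dmarc, while _dmarc.mail.example.com passes because a subdomain may carry its own single policy. To feed it real data, replace SAMPLE_ZONE with the output of a zone export from your DNS provider or of ‘dig’ run against your authoritative name server for the _dmarc names, querying the TXT and CNAME types separately.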
How to fix this
If you intend to publish your DMARC record via a CNAME, for example because a third party solution manages your DMARC record at a name you point to, then you should delete the conflicting TXT record.
If you intend to publish your DMARC record via a TXT record, then you should delete the conflicting CNAME record.
If you use a third party system to manage your email security or DMARC record, you may wish to contact them about this issue for advice.
It is acceptable to have separate DMARC records for subdomains, as these have a different fully qualified domain name (for example _dmarc.mail.example.com alongside _dmarc.example.com); each of those names must still hold a single DMARC record, published as either a CNAME or a TXT record but not both.