The Problem

Standard DNS implementations of SPF, DKIM and DMARC all suffer from the same problems, they are difficult to edit and error-prone, especially so if you control multiple domains across multiple registrars.

Dynamic DMARC

Dynamic DMARC solves this problem by controlling these records from within the OnDMARC Dynamic DMARC panel, there is no need to return to the registrar to update the records.

This is done by replacing the static TXT records with OnDMARC's smart records, these will be NS records for DKIM and DMARC and a new smart TXT record for SPF.

Managing these protocols from Dynamic DMARC will provide several benefits for


  • SPF will benefit from Dynamic SPF's caching and lookup handling which adds robustness and removes the 10 lookup limitation from conventional SPF.

  • DKIM will benefit from notifications of redundant keys and straightforward management.

  • DMARC will benefit from simpler and error-free updates within the interface, ensuring that your journey to reject is fast and efficient

How to set up Dynamic DMARC

Configuring Dynamic DMARC is as simple as follows:

  1. Navigate to Dynamic DMARC within OnDMARC, select the protocol you wish to set-up and click Configure.

  2. Add the generated record to your DNS at the specified location.

  3. Check that Dynamic DMARC has picked up the smart record and, if required, delete any original record that Dynamic DMARC will be replacing.


Does Dynamic DMARC support BIMI and MTA-STS?

Support for the relevant BIMI DNS records will be added in the coming months as the protocol is fully deployed.

Support for MTA-STS is currently in development, this section will be updated as the protocol is deployed.

Existing Users

If you were already using Dynamic SPF, your entries have all been moved over to Dynamic DMARC, you will not have to make any changes to SPF.

What if I don't have DKIM, SPF or DMARC?

If you don't have any of the protocols that can be managed within Dynamic DMARC currently configured then Dynamic DMARC is a great place to start, simply open up the given protocol within the Dynamic DMARC panel, click Configure and add the generated record to your DNS. You are now ready to begin configuring authentication for your legitimate sending services!

Did this answer your question?