How do I fix dmarc policy none on Shopify?

Shopify does not manage DNS records — your domain's DNS is controlled at your domain registrar (e.g., GoDaddy, Namecheap, Cloudflare) or wherever you pointed your nameservers. Log in to your DNS provider's control panel and locate the DNS management / DNS Records section for your store's domain. Find the existing TXT record with the Name/Host _dmarc (i.e., _dmarc.yourdomain.com) and click Edit. Change p=none to p=quarantine in the record value, save, and wait 24–48 hours for propagation. Monitor reports. After confirming no legitimate mail fails, edit the record again and change p=quarantine to p=reject. If you use Shopify Email or a third-party ESP connected to Shopify (Klaviyo, Omnisend, etc.), verify that service is included in your SPF record and has DKIM configured before tightening DMARC.

How to fix dmarc policy none on Shopify

Strengthen your DMARC policy from p=none (monitor-only) to p=quarantine, then p=reject, to actively block email spoofing of your domain.

Steps for Shopify

Shopify does not manage DNS records — your domain's DNS is controlled at your domain registrar (e.g., GoDaddy, Namecheap, Cloudflare) or wherever you pointed your nameservers.
Log in to your DNS provider's control panel and locate the DNS management / DNS Records section for your store's domain.
Find the existing TXT record with the Name/Host _dmarc (i.e., _dmarc.yourdomain.com) and click Edit.
Change p=none to p=quarantine in the record value, save, and wait 24–48 hours for propagation. Monitor reports.
After confirming no legitimate mail fails, edit the record again and change p=quarantine to p=reject.
If you use Shopify Email or a third-party ESP connected to Shopify (Klaviyo, Omnisend, etc.), verify that service is included in your SPF record and has DKIM configured before tightening DMARC.

Official Shopify documentation ↗

; Step 1 – current state (monitor only — fix this)
v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com;

; Step 2 – intermediate enforcement (quarantine)
v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@yourdomain.com;

; Step 3 – full enforcement (target state)
v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@yourdomain.com;

What is dmarc policy none?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a DNS record that tells receiving mail servers what to do with emails that claim to come from your domain but fail authentication checks. A policy of p=none means "do nothing — just watch." It is a starting point for monitoring, not a finished protection. Until you move to p=quarantine or p=reject, anyone on the internet can send phishing or fraud emails that appear to come from your store's domain and mail servers will deliver them without question.

With p=none in place, criminals can impersonate your brand in phishing emails to your customers, suppliers, or staff — and those emails will land in inboxes rather than spam folders. A successful phishing campaign erodes customer trust, can trigger payment fraud chargebacks, and may expose you to legal liability. Google and Yahoo's 2024 bulk-sender requirements made a published DMARC policy a deliverability prerequisite, so staying at p=none also risks your legitimate marketing and transactional emails being filtered or rejected. Moving to p=reject is the only setting that fully closes the spoofing window.

See the complete Dmarc policy none guide for every platform and the full background.

Not sure if your Shopify store has this?

Run a free SEOLZ audit — we’ll find dmarc policy none and every other issue across your whole site.

Scan my site free

How to fix dmarc policy none on Shopify

Steps for Shopify

What is dmarc policy none?

Not sure if your Shopify store has this?

Fix dmarc policy none on another platform