DKIM and dmarc aint working

hello, i did read how to setup DKIM and dmarc but still they aint working for some reason, i check them on “mxtoolbox” plz check the pictures…

As for the former picture -

The “DMARC Policy Not Enabled” will stay there for as long as you keep the p= value set to none.

You would need to change “v=DMARC1; p=none;” to e.g. “v=DMARC1; p=reject;” in your _dmarc TXT record to “fix” that.

For the second picture, -

It claims the value in the p= parameter is not in the right format, this could indicate that while attempting to copy-paste the public key in to your DNS, that one or some characters may possibly have been lost.

In the last line of it, it could within the blurred parts look like you have a space in the middle.

As you’re blurring all the relevant data from the screenshots you provide references to, where the errors are claimed to be with in, it may be tough - if even possible, to assist you, or otherwise come with suggestions.

Unless you’re willing to share e.g.:

  1. What domain

  2. What selector (e.g. blah from

I would simply suggest you to re-check that you have copied the DKIM record 100% exactly as written from your email provider.


hello, thanks for the respond and it worked, also someone helped me fix the dkim u just need to take your public key here [Preformatted text](

and take that part and use it after ( v=DKIM1; k=rsa; t=s; p=)


also can u tell me how to fix this issues

The first two ones resulting in “*DMARC Quarantine/Reject policy not enabled” is the same as the one mentioned above:

The “SOA Serial Number” and “SOA Expire Value” are things you should ignore.

The “SOA Serial Number” is typically indicating the revision of your latest DNS edit, it is very common to use e.g. YYYYMMDDXX format, where YYYYMMDD is the year/month/day, e.g. 20230929, and XX indicating a revision number from 00 to 99, often ending up with e.g. 2023092901 on your first edit of your DNS on 2023-09-29, 2023092902 on the second time you’re editing your DNS, and so forth.

It is not mandatory to use the well-known YYYYMMDDXX format, some DNS services are simply using starting from number 1, then number 2, and so forth, and again other DNS services are using DNS using Unix timestamp / epoch (e.g. number of seconds since January 1, 1970).

For “SOA Expire Value”, there are similarly some people (and thus, some DNS testers) that mean they should have a number within a specific range.

Both of these two are some quite stubborn opinions, however, calling the “SOA Serial Number” invalid, as mxtoolbox does, … is definitely not true.

None of these two actually have effect any in the way Cloudflare operates it’s DNS.


thanks for ur help, everything works fine rn :slight_smile:

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.