Adding DMARC, SPF, and DKIM records in Wix
The first thing to settle with Wix is whether you even edit DNS in Wix at all, because a domain that is only pointed to Wix keeps its records at the registrar. Once you are in the right place, the apex rule is the other thing that trips people up.
Before you start: do you edit DNS in Wix or at your registrar?
Wix connects domains two ways, and only one of them lets you edit DNS inside Wix. If your domain uses the Wix nameservers, Wix hosts your records and you edit them here. If the domain is only pointed to Wix, your records still live at your registrar, and that is where these changes go. Check your nameservers:
dig +short NS yourdomain.com
If the answers end in wixdns.net, follow the steps below. If they point somewhere else, edit your records at that provider instead. (The two Wix nameservers are assigned per domain, so use whichever pair Wix shows in your account rather than a fixed list.)
Step 1: Open Manage DNS Records
- In your Wix account, go to Domains.
- Click the Domain Actions icon next to the domain and choose Manage DNS Records.
- Scroll to the TXT (Text) section and select + Add Record.
Step 2: Add the record
Each TXT record has two fields: Host Name and Value. The apex rule is the catch. When a setup guide tells you to use @ for the root domain, leave the Host Name field blank in Wix instead. For a subdomain record, enter just the label.
DMARC
Host Name: _dmarc Value: v=DMARC1; p=none; rua=mailto:you@yourdomain.com
Start at p=none, then move past p=none once your reports are clean.
SPF
Host Name: (leave blank for the apex) Value: v=spf1 include:_spf.yourprovider.com ~all
Keep a single v=spf1 record. If a connected mailbox already added one, edit that record rather than adding a second.
DKIM
Host Name: selector._domainkey Value: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG... (your full public key)
Your sending provider gives you the selector and key. If your Wix mailbox is Google Workspace, you generate the DKIM key in Google and paste it here. Paste the whole value as one entry.
MTA-STS pointer
Host Name: _mta-sts Value: v=STSv1; id=20260623000000
Pointer only. The policy file is served over HTTPS at mta-sts.yourdomain.com, which trustyourinbox can host. TLS-RPT (_smtp._tls) is the same shape.
Wix quirks that bite
- Pointing vs nameservers. If your domain is only pointed to Wix, none of these records can be added in Wix. They go at your registrar.
- Blank, not @. For the apex, leave Host Name empty. Typing
@creates the wrong record. - Connected mail adds records for you.Setting up email through Wix adds the provider's MX records automatically. Check what is already there before adding SPF so you do not end up with two SPF records.
Step 3: Verify it published
dig +short TXT _dmarc.yourdomain.com dig +short TXT yourdomain.com | grep spf1 dig +short TXT selector._domainkey.yourdomain.com
Or paste the hostname into dns.google with type TXT. The record is live the moment the lookup returns it.
Tell trustyourinbox to recheck
Each per-domain protocol tab has a Recheck button next to the current record. Click it once the change resolves and we re-run the lookup and refresh the dashboard.
Keep reading
Run a free DMARC audit
Paste your domain and read your published SPF, DKIM, and DMARC back in plain English.
How we change DNS safely
The safety layers behind an automated fix, and why a hand edit deserves the same care.
DMARC record builder
Answer a few questions and get the exact _dmarc value to paste in.
Editing DNS at any provider
Not actually on Wix? The universal walkthrough finds your real DNS host.
Last verified 2026-06-23 against the official Wix documentation.
Free for one domain. Set up in five minutes. We parse the reports; you read plain-English summaries.