
Editing DNS records in GoDaddy

trustyourinbox detected your domain's DNS is on GoDaddy. We don't have a GoDaddy adapter yet, so the DMARC / SPF / DKIM / MTA-STS records we recommend need to be published by you in the GoDaddy panel. The flow below is short — under five minutes — and the screenshots haven't changed in the last 18 months. If GoDaddy ships a UI update after this article, the field labels may move slightly but the steps stay in the same order.

Step 1 — Find the DNS editor

  1. Sign in to godaddy.com and click Domain Portfolio (top-right user menu, or the "My Products" tile on the home page).
  2. In the list of your domains, click the domain name (not the menu next to it). This opens Domain Settings.
  3. On Domain Settings, click the DNS tab. You'll see a table of all current DNS records for the domain.

Step 2 — Add the record

  1. Click Add New Record (top-right of the records table).
  2. Set Type to TXT.
  3. Fill the fields per the fix type below. Critical: in GoDaddy's Name field, never include the domain itself — just the prefix. Use @ for the apex.

DMARC

  • Name: _dmarc
  • Type: TXT
  • Value: paste the record exactly as trustyourinbox suggested, e.g. v=DMARC1; p=quarantine; pct=100; rua=mailto:<your-rua>@rua.trustyourinbox.com
  • TTL: 1 Hour (default) is fine. For faster rollback during testing, switch to Custom and enter 600 seconds.

SPF

  • Name: @
  • Type: TXT
  • Value: v=spf1 …mechanisms… ~all
  • Critical: a domain MUST have only ONE v=spf1 TXT record at the apex. If GoDaddy already shows a TXT row that starts with v=spf1, click the pencil icon on that existing row and edit it — don't add a second.

DKIM

  • Name: the selector + ._domainkey (e.g., google._domainkey, k1._domainkey, mta1._domainkey)
  • Type: TXT
  • Value: paste the public-key string from your ESP, including the v=DKIM1; k=rsa; p=… prefix.
  • GoDaddy's Value field caps at 1024 characters — RSA-2048 keys are ~390 chars, RSA-1024 are ~210 chars, both fit. RSA-4096 keys need to be split into multi-string format: "part1" "part2" — but that's rare; most ESPs ship 2048.

MTA-STS DNS pointer

  • Name: _mta-sts
  • Type: TXT
  • Value: v=STSv1; id=<numeric-id>
  • This TXT record is the pointer; the actual MTA-STS policy is a separate .well-known/mta-sts.txt file served over HTTPS at mta-sts.<your-domain>. trustyourinbox can host the policy file for you (separate setup).

Step 3 — Save

Click Save at the bottom of the form (or Save All Records if you queued multiple). If your domain has Domain Protection enabled, GoDaddy will challenge you for a 2-step verification code (SMS, authenticator app, or one-time email). Enter the code to confirm. After save, GoDaddy publishes the change to its nameservers within a few seconds.

Step 4 — Verify the record published

From a terminal, run:

  • DMARC — dig +short TXT _dmarc.yourdomain.com
  • SPF — dig +short TXT yourdomain.com | grep spf1
  • DKIM — dig +short TXT <selector>._domainkey.yourdomain.com
  • MTA-STS pointer — dig +short TXT _mta-sts.yourdomain.com

Or paste the hostname into https://dns.google/query?type=TXT&name=<hostname> for a browser-based check. Receivers may still be caching the old answer (TTL window) for up to an hour at the default TTL — the record is published correctly the moment dig returns the new value.

Step 5 — Tell trustyourinbox to recheck

Each per-domain protocol tab in trustyourinbox has a Recheck button at the top of the "Current record" section. Click it after the GoDaddy edit publishes; we run a fresh DoH lookup against Cloudflare 1.1.1.1 and Google 8.8.8.8 in parallel and update the dashboard immediately. If dig shows the new value but trustyourinbox doesn't pick it up, give it a couple of minutes — DoH caches between you and the resolver can lag.

Common GoDaddy pitfalls

  1. Putting the full domain in the Name field. GoDaddy auto-appends your domain. If you type _dmarc.yourdomain.com in Name, you'll create a record at _dmarc.yourdomain.com.yourdomain.com — wrong. Just type _dmarc.
  2. Adding a second SPF record instead of editing the existing one. RFC 7208 §3.2 says one v=spf1 record per apex — receivers permerror on more than one, and every authorized sender starts looking unauthorized. Always edit the existing apex TXT row that begins with v=spf1.
  3. Pasting a value with smart quotes. Some browser clipboards convert straight quotes to typographic quotes (“ ”) when copying. GoDaddy rejects these — re-type or paste from a plain-text editor.
  4. Not waiting for the TTL. Receivers honor the existing TTL on the record they last cached. If the previous TTL was 24 hours and you just changed the record, some receivers will keep returning the old value for up to 24 more hours. Fix is to lower the TTL before the change, then raise it back after — or accept that new records may have a slow rollout.
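
Pitfalls 1 to 3 and the Step 4 check can be scripted. The shell functions below are an added example, not trustyourinbox or GoDaddy tooling; the function names, example.com and the sample dig output are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a GoDaddy TXT entry before saving, and the dig answer after.
# example.com and every record value below are constructed samples.

# Pitfall 1: GoDaddy appends the domain, so Name must be only the prefix (or @).
lint_name() {  # usage: lint_name <name-field> <domain>
  case "$1" in
    "$2"|"$2".|*."$2"|*."$2".) echo "FAIL: drop '$2' from Name" ;;
    *) echo "OK" ;;
  esac
}

# Pitfall 3: typographic quotes picked up from a rich-text clipboard.
lint_value() {  # usage: lint_value <value-field>
  case "$1" in
    *“*|*”*|*‘*|*’*) echo "FAIL: smart quotes in value" ;;
    *) echo "OK" ;;
  esac
}

# dig +short prints each TXT record as one line of quoted chunks
# ("part1" "part2"); join the chunks into the single string a receiver sees.
txt_join() {
  sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# Pitfall 2: count v=spf1 records in dig output read from stdin.
spf_count() {
  txt_join | awk '{ s = tolower($0) }
    s == "v=spf1" || index(s, "v=spf1 ") == 1 { n++ } END { print n + 0 }'
}

spf_verdict() {
  n=$(spf_count)
  case "$n" in
    0) echo "FAIL: no SPF record" ;;
    1) echo "OK" ;;
    *) echo "FAIL: $n SPF records (permerror)" ;;
  esac
}

# Constructed sample: apex TXT answer after a second SPF row was added.
SAMPLE_DIG='"google-site-verification=constructed-token"
"v=spf1 include:_spf.example.net ~all"
"v=spf1 include:mail.example.org ~all"'

printf '%s\n' "$SAMPLE_DIG" | spf_verdict
# Live use: dig +short TXT yourdomain.com | spf_verdict
```

Run lint_name and lint_value on what you are about to paste, and pipe dig +short TXT output into spf_verdict once the record is saved.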

If you get stuck

Open the per-domain page in trustyourinbox, click Recheck, and if the dashboard still shows the issue, paste the dig +short TXT <hostname> output into a support email. We'll narrow down the difference between what we expected and what GoDaddy published.
