diff --git a/src/cloudron.js b/src/cloudron.js
index 88e7bc714..11e21acbf 100644
--- a/src/cloudron.js
+++ b/src/cloudron.js
@@ -425,14 +425,11 @@ function addDnsRecords() {
         var webadminRecord = { subdomain: constants.ADMIN_LOCATION, type: 'A', values: [ ip ] };
         // t=s limits the domainkey to this domain and not it's subdomains
         var dkimRecord = { subdomain: DKIM_SELECTOR + '._domainkey', type: 'TXT', values: [ '"v=DKIM1; t=s; p=' + dkimKey + '"' ] };
-        // reject all mails that do not conform to our DKIM or SPF policy
-        var dmarcRecord = { subdomain: '_dmarc', type: 'TXT', values: [ '"v=DMARC1; p=reject; pct=100"' ] };
 
         var records = [ ];
         if (config.isCustomDomain()) {
             records.push(webadminRecord);
             records.push(dkimRecord);
-            records.push(dmarcRecord);
         } else {
             // for non-custom domains, we show a nakeddomain.html page
             var nakedDomainRecord = { subdomain: '', type: 'A', values: [ ip ] };
@@ -440,7 +437,6 @@ function addDnsRecords() {
             records.push(nakedDomainRecord);
             records.push(webadminRecord);
             records.push(dkimRecord);
-            records.push(dmarcRecord);
         }
 
         debug('addDnsRecords: %j', records);
diff --git a/src/platform.js b/src/platform.js
index 2c7376c2f..0a4ecdba1 100644
--- a/src/platform.js
+++ b/src/platform.js
@@ -267,9 +267,16 @@ function startMail(callback) {
 
                 if (!mailConfig.enabled || process.env.BOX_ENV === 'test') return callback();
 
-                // Add MX record
-                var mxRecord = { subdomain: '', type: 'MX', values: [ '10 ' + config.mailFqdn() + '.' ] };
-                subdomains.upsert(mxRecord.subdomain, mxRecord.type, mxRecord.values, callback);
+                // Add MX and DMARC record. Note that DMARC policy depends on DKIM signing and thus works
+                // only if we use our internal mail server.
+                var records = [
+                    { subdomain: '_dmarc', type: 'TXT', values: [ '"v=DMARC1; p=reject; pct=100"' ] },
+                    { subdomain: '', type: 'MX', values: [ '10 ' + config.mailFqdn() + '.' ] }
+                ];
+
+                async.mapSeries(records, function (record, iteratorCallback) {
+                    subdomains.upsert(record.subdomain, record.type, record.values, iteratorCallback);
+                }, callback);
             });
         });
     });