DMARC Record Generator

Generate a DMARC record for your domain to protect against email spoofing and phishing. Fill out the form below to create your custom DMARC TXT record.

Generated DMARC Record
Add this TXT record to your DNS at _dmarc.yourdomain.com
v=DMARC1; p=none

DNS Configuration

Record Type: TXT

Host/Name: _dmarc.yourdomain.com

Value: v=DMARC1; p=none

TTL: 3600 (1 hour) or your DNS provider's default

Domain Name
Enter the domain you want to protect with DMARC

This is used to show you where to add the DNS record. The record will be added at _dmarc.yourdomain.com

Policy (p=)
What should receivers do with emails that fail DMARC authentication?

Receive reports but take no action on failing emails. Best for initial deployment to understand your email flows.

Failing emails should be treated as suspicious (typically sent to spam). Use after monitoring confirms legitimate senders.

Failing emails should be rejected outright. Maximum protection once you're confident in your email authentication setup.

Recommended for new deployments: Start with "none" to collect reports and understand your email flows before enforcing a stricter policy.

Subdomain Policy (sp=)
Policy for subdomains (e.g., mail.example.com)

If not specified, subdomains inherit the parent domain's policy. Set this if you want different handling for subdomain emails.

Percentage (pct=)
Percentage of messages to apply the policy to
100%

Allows gradual rollout of stricter policies. Start at a low percentage when moving from "none" to "quarantine" or "reject".

Aggregate Report Email (rua=)
Email address to receive daily aggregate reports

Aggregate reports contain statistics about emails sent using your domain. These are XML files sent once per day by email receivers like Google and Microsoft.

Forensic Report Email (ruf=)
Email address for detailed failure reports (optional)

Forensic reports contain details about individual failing messages. Note: Many providers no longer send these due to privacy concerns.

DKIM Alignment (adkim=)
How strictly to match DKIM domain

Allows subdomains to pass (mail.example.com passes for example.com)

Requires exact domain match

SPF Alignment (aspf=)
How strictly to match SPF domain

Allows subdomains to pass (mail.example.com passes for example.com)

Requires exact domain match

Report Interval (ri=)
How often to request aggregate reports (in seconds)

Most email providers only send daily reports regardless of this setting. The default of 86400 seconds (24 hours) is recommended.

Want Automatic DMARC Monitoring?

Creating a DMARC record is just the first step. To effectively protect your domain, you need to:

  • Monitor incoming aggregate reports to understand who sends email as your domain
  • Identify legitimate senders that need SPF/DKIM configuration
  • Detect unauthorized use of your domain for phishing attempts
  • Safely progress from "none" to "quarantine" to "reject" policies
Sign Up for Free DMARC Monitoring
Understanding DMARC Records

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that builds on SPF and DKIM. It helps email receivers determine what to do with messages that fail authentication and provides a reporting mechanism so domain owners can monitor how their domain is being used.

DMARC Record Tags Explained

v=DMARC1 - Version

Required. Identifies this as a DMARC record. Must be "DMARC1".

p= - Policy

Required. Tells receivers what to do with failing emails: none (monitor), quarantine (spam), or reject.

sp= - Subdomain Policy

Optional. Policy for subdomains. If not set, subdomains inherit the parent domain's policy.

pct= - Percentage

Optional. Percentage of messages to apply policy to (0-100). Defaults to 100. Useful for gradual rollout.

rua= - Aggregate Report URI

Optional but recommended. Email address to receive daily aggregate reports (XML format).

ruf= - Forensic Report URI

Optional. Email address for detailed failure reports. Many providers no longer send these.

adkim= - DKIM Alignment Mode

Optional. How strictly DKIM domain must match: r (relaxed, default) or s (strict).

aspf= - SPF Alignment Mode

Optional. How strictly SPF domain must match: r (relaxed, default) or s (strict).

ri= - Report Interval

Optional. Requested interval between reports in seconds. Defaults to 86400 (daily).

DMARC Implementation Best Practices

  1. Start with p=none: Begin with a monitoring-only policy to understand your email flows without impacting delivery.
  2. Configure SPF and DKIM first: Ensure all legitimate email sources are properly authenticated before enforcing DMARC.
  3. Monitor reports: Regularly review DMARC aggregate reports to identify issues and unauthorized senders.
  4. Gradual rollout: Use the pct= tag to gradually apply stricter policies to a percentage of your email.
  5. Progress to reject: Once confident in your setup, move to p=reject for maximum protection against spoofing.