DMARC Record Generator
Create a properly formatted DMARC record for your domain in seconds. DMARC (Domain-based Message Authentication, Reporting & Conformance) tells email servers how to handle messages that fail SPF or DKIM authentication checks.
Your DMARC Record
_dmarc.yourdomain.comTXTv=DMARC1; p=noneConfigure the settings below — the record above updates in real time.
Basic Settings
e.g., example.com
none = monitor, quarantine = spam, reject = block
Inherits main policy by default
Reporting
Receives daily aggregate reports
Receives individual failure reports
Percentage of emails to apply policy to
Controls when failure reports are sent
Alignment
Strict requires exact domain match for SPF
Strict requires exact domain match for DKIM
What is DMARC Record?
DMARC is an email authentication protocol that protects your domain from unauthorized use (email spoofing). It builds on SPF and DKIM to give domain owners control over what happens when authentication fails. A DMARC record is a DNS TXT entry published at _dmarc.yourdomain.com that specifies your authentication policy and where to send reports.
How to Use This Tool
Generate Your Record
Use the form above to configure your DMARC policy. Start with 'none' to monitor, then move to 'quarantine' or 'reject' once you're confident.
Add to Your DNS
Log in to your DNS provider (GoDaddy, Cloudflare, Namecheap, etc.). Create a new TXT record with host '_dmarc' and paste the generated value.
Monitor Reports
DMARC aggregate reports will be sent to your specified email. Review them to understand who's sending email on behalf of your domain.
Frequently Asked Questions
A DMARC record is a DNS TXT entry that tells receiving mail servers how to handle emails that fail SPF or DKIM authentication. It helps prevent email spoofing and phishing attacks using your domain.
Start with 'none' (monitoring only) to see who's sending email from your domain without affecting delivery. Once you've verified all legitimate senders are authenticated, move to 'quarantine' then 'reject' for maximum protection.
The rua email receives aggregate reports — daily summaries of authentication results. The ruf email receives forensic (failure) reports — detailed reports on individual messages that failed authentication. Start with rua for visibility.
Yes. DMARC relies on SPF and DKIM to authenticate emails. You should set up SPF and DKIM records first, then add DMARC to define your policy for messages that fail those checks.
DNS changes typically propagate within 24-48 hours. After that, receiving servers will start applying your DMARC policy and sending reports to your specified email addresses.
Yes, positively. DMARC improves deliverability by proving to email providers that you take authentication seriously. However, a 'reject' policy on an improperly configured domain can cause legitimate emails to be blocked.