Free Tool

DMARC Record Generator

Create a properly formatted DMARC record for your domain in seconds. DMARC (Domain-based Message Authentication, Reporting & Conformance) tells email servers how to handle messages that fail SPF or DKIM authentication checks.

Your DMARC Record

Record Name (Host)_dmarc.yourdomain.com

Record TypeTXT

v=DMARC1; p=none

Configure the settings below — the record above updates in real time.

Basic Settings

Domain

e.g., example.com

Policy

none = monitor, quarantine = spam, reject = block

Subdomain Policy

Inherits main policy by default

Reporting

Aggregate Report Email (rua)

Receives daily aggregate reports

Forensic Report Email (ruf)

Receives individual failure reports

Report Percentage

Percentage of emails to apply policy to

Failure Reporting Option

Controls when failure reports are sent

Alignment

SPF Alignment

Strict requires exact domain match for SPF

DKIM Alignment

Strict requires exact domain match for DKIM

What is DMARC Record?

DMARC is an email authentication protocol that protects your domain from unauthorized use (email spoofing). It builds on SPF and DKIM to give domain owners control over what happens when authentication fails. A DMARC record is a DNS TXT entry published at _dmarc.yourdomain.com that specifies your authentication policy and where to send reports.

Why It Matters

Without DMARC, anyone can send emails pretending to be your domain. This damages your brand, confuses recipients, and tanks your deliverability. Email providers like Gmail and Yahoo now require DMARC for bulk senders — if you're sending cold email or marketing campaigns without it, you're leaving inbox placement on the table.

How to Use This Tool

Generate Your Record

Use the form above to configure your DMARC policy. Start with 'none' to monitor, then move to 'quarantine' or 'reject' once you're confident.

Add to Your DNS

Log in to your DNS provider (GoDaddy, Cloudflare, Namecheap, etc.). Create a new TXT record with host '_dmarc' and paste the generated value.

Monitor Reports

DMARC aggregate reports will be sent to your specified email. Review them to understand who's sending email on behalf of your domain.

Common Mistakes to Avoid

Starting with a 'reject' policy

Jumping straight to p=reject blocks legitimate emails from services you forgot to authenticate. Start with p=none to monitor, then gradually tighten to quarantine and reject.

Missing the rua reporting address

Without aggregate reports, you're flying blind. Always include a rua address so you can see who's sending email from your domain and catch unauthorized senders.

Forgetting subdomains

DMARC only covers the exact domain by default. If you send from marketing.example.com, you need a separate DMARC record or a sp= subdomain policy on the parent domain.

Not setting up SPF and DKIM first

DMARC depends on SPF and DKIM to work. Publishing a DMARC record without functioning SPF and DKIM means every email will fail authentication checks.

Frequently Asked Questions

A DMARC record is a DNS TXT entry that tells receiving mail servers how to handle emails that fail SPF or DKIM authentication. It helps prevent email spoofing and phishing attacks using your domain.

Start with 'none' (monitoring only) to see who's sending email from your domain without affecting delivery. Once you've verified all legitimate senders are authenticated, move to 'quarantine' then 'reject' for maximum protection.

The rua email receives aggregate reports — daily summaries of authentication results. The ruf email receives forensic (failure) reports — detailed reports on individual messages that failed authentication. Start with rua for visibility.

Yes. DMARC relies on SPF and DKIM to authenticate emails. You should set up SPF and DKIM records first, then add DMARC to define your policy for messages that fail those checks.

DNS changes typically propagate within 24-48 hours. After that, receiving servers will start applying your DMARC policy and sending reports to your specified email addresses.

Yes, positively. DMARC improves deliverability by proving to email providers that you take authentication seriously. However, a 'reject' policy on an improperly configured domain can cause legitimate emails to be blocked.

Related Free Tools

SPF Record Generator

Generate an SPF DNS TXT record to authorize which servers can send email on behalf of your domain.

Try it free

DKIM Record Generator

Generate DKIM DNS records and cryptographic keys to verify your emails haven't been tampered with in transit.

Try it free

Email Deliverability Checklist

Audit your email deliverability with a 41-point interactive checklist. Copy and share with your tech team.

Try it free

DMARC set up? Now warm up your mailbox.

Authentication is step one. Email warmup is step two. TrulyInbox gradually builds your sender reputation so your emails land in the inbox, not spam.