DMARC Record Generator

Create valid DMARC DNS TXT records to protect your domain from email spoofing and phishing. Step-by-step builder with all policy options.


Domain

Policy Settings

No action is taken on failing messages. Use this to collect reports and understand your email flow before enforcing.

1% to 100%

Alignment Settings

Reporting Settings

Receives daily XML aggregate reports. Highly recommended for monitoring.

Receives per-message failure reports. Not supported by all providers.

Default: 86400 (24 hours). Common values: 3600 (1 hour), 43200 (12 hours), 86400 (24 hours).

Monitoring Mode

Your DMARC policy is set to monitor only. No messages will be blocked or quarantined. This is the recommended starting point to collect data before enforcing stricter policies.

Monitor / Quarantine / Reject

Generated DMARC Record

  • Host/Name: _dmarc.example.com
  • Type: TXT
  • Value: v=DMARC1; p=none

  • v=DMARC1: DMARC version
  • p=none: Domain policy

DNS Setup Instructions

  1. Log in to your DNS provider or domain registrar (e.g., Cloudflare, GoDaddy, Namecheap, Route 53).
  2. Navigate to the DNS management section for your domain.
  3. Create a new TXT record with the following values:
    • Host/Name: _dmarc.example.com
    • Type: TXT
    • Value: the generated record above
    • TTL: 3600 (1 hour) or your provider's default
  4. Save the record. DNS propagation typically takes a few minutes to 48 hours.
  5. Verify your DMARC record using a DMARC lookup tool or by running: nslookup -type=txt _dmarc.example.com

Important: Before setting p=quarantine or p=reject, make sure you have:
  • Configured SPF records for all sending sources
  • Set up DKIM signing for your domain
  • Monitored DMARC reports with p=none first
  • Confirmed legitimate email sources pass authentication

Understanding DMARC Records

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that builds on top of SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). It allows domain owners to publish a policy in their DNS records that specifies how receiving mail servers should handle messages that fail authentication checks.

DMARC solves a critical problem in email security: even with SPF and DKIM in place, there was no standardized way for domain owners to tell receiving servers what to do when authentication failed, or to get feedback about messages claiming to be from their domain.

A DMARC record is published as a DNS TXT record at _dmarc.yourdomain.com and contains the policy along with optional reporting addresses and alignment settings.