Free Tool

DMARC Record Generator

Generate a correct DMARC record for your domain. Configure your policy, reporting addresses, alignment mode, and get a ready-to-use DNS TXT record.

1Your domain (optional, for preview)

2Choose your policy

3Configure reporting

Aggregate reports (rua) — recommended

Daily summary reports about authentication results. Essential for monitoring.

Forensic reports (ruf) — optional

Individual failure reports with message details. Not all providers send these.

4Advanced options (optional)

Subdomain policy (sp)

Apply a different policy to subdomains. If not set, inherits from the main policy.

Policy percentage (pct): 100%

Apply the policy to this percentage of messages. Use less than 100% for gradual rollout.

SPF alignment (aspf)

DKIM alignment (adkim)

Your DMARC Record

DNS Host / Name:

_dmarc.yourdomain.com

TXT Value:

v=DMARC1; p=none

How to add this record:

Go to your DNS provider (Cloudflare, Route 53, GoDaddy, etc.)
Add a new TXT record
Set the Host/Name to _dmarc
Paste the DMARC record above as the Value
Save and wait for DNS propagation (5-60 minutes)
Verify with our DMARC Checker

DMARC deployment guide

Step 1: Start with p=none

Deploy DMARC with p=none and aggregate reporting enabled. This lets you collect data about who is sending email from your domain without affecting delivery.

Step 2: Analyze reports

Review your DMARC reports to identify all legitimate senders and ensure they pass SPF and DKIM authentication. Fix any failures before tightening the policy.

Step 3: Move to quarantine

Once all legitimate senders pass, move to p=quarantine. Unauthorized emails will go to spam instead of the inbox.

Step 4: Enforce with reject

The final step is p=reject. Unauthorized emails are blocked entirely. This provides maximum protection against domain spoofing and phishing.