DMARC Record Generator
Generate a properly formatted DMARC TXT DNS record for your domain with a guided form.
About DMARC Record Generation
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication policy published as a TXT DNS record at _dmarc.yourdomain.com. It tells receiving mail servers what to do with messages that fail SPF or DKIM authentication, and where to send reports about those failures.
Recommended deployment path
- Start with p=none — Monitor-only mode. Collect aggregate reports to understand your email sending ecosystem before enforcing any policy. Run this for at least 2–4 weeks.
- Move to p=quarantine — Failing messages are sent to spam/junk. Set
pct=25initially and gradually increase to 100 as you confirm legitimate sources are passing. - Enforce p=reject — The goal state. Failing messages are rejected outright. This provides the strongest protection against domain spoofing and phishing using your domain name.
DMARC alignment
DMARC requires "alignment" between the domain in the From: header and the domain validated by SPF or DKIM. Relaxed alignment (adkim=r / aspf=r) allows subdomain matches; strict alignment (s) requires an exact match. Most organisations use relaxed alignment to support legitimate subdomains.
Aggregate reports (rua)
Set the rua tag to an email address where ISPs will send daily XML reports. These reports show which IP addresses are sending email claiming to be from your domain, and whether SPF and DKIM are passing. DMARC report parsing tools (like the DMARC Report Parser on this site) help make sense of the XML data.