DMARC Record Generator
Build a complete DMARC TXT record in seconds. Choose your policy, set up reporting, and copy the record straight to your DNS.
Monitoring only. No emails will be blocked. Good for starting out.
Where to receive daily aggregate DMARC reports
Detailed failure reports (not all providers send these)
What percentage of failing mail gets the policy applied. Use 100% unless you want a gradual rollout.
Your DMARC Record
v=DMARC1; p=none; pct=100; adkim=r; aspf=r DNS Record Details
| Type: | TXT |
| Host/Name: | _dmarc |
| Value: | v=DMARC1; p=none; pct=100; adkim=r; aspf=r |
How DMARC Works
DMARC builds on top of SPF and DKIM — two authentication protocols that verify whether an email really came from the domain it claims to be from. When a receiving server gets an email, it checks SPF and DKIM first. Then it looks at your DMARC record to decide what to do if those checks fail.
The three DMARC policies work in escalating order of strictness:
- None: Monitor only. Failing emails are delivered normally, but you receive reports about authentication results. Start here to understand your email ecosystem.
- Quarantine: Failing emails are sent to the spam folder. This protects your domain while still allowing recipients to find misrouted legitimate email.
- Reject: Failing emails are blocked entirely. Maximum protection against spoofing, but make sure all legitimate senders pass authentication first.
Frequently Asked Questions
What is a DMARC record?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a DNS TXT record that tells receiving mail servers what to do when emails from your domain fail SPF or DKIM checks. It also lets you receive reports about who is sending email using your domain.
What DMARC policy should I use?
Start with "none" (monitoring only) for 2-4 weeks to see who is sending email from your domain. Once you confirm legitimate senders pass authentication, move to "quarantine" to send failing emails to spam. After further monitoring, upgrade to "reject" for maximum protection.
How do I add a DMARC record to my DNS?
Create a TXT record with the host/name set to "_dmarc" and the value set to your generated DMARC record. In Cloudflare, go to DNS > Add Record > TXT, set Name to "_dmarc", and paste the value. Most DNS providers follow a similar process.
What are DMARC aggregate reports?
Aggregate reports (rua) are XML files sent daily by receiving mail servers showing which IPs sent email using your domain, whether they passed SPF/DKIM, and what percentage of mail is failing. Free services like Google Postmaster Tools and DMARC Analyzer can help you read these reports.
How long should I monitor before enforcing DMARC?
Monitor with p=none for at least 2-4 weeks, reviewing aggregate reports to ensure all legitimate email services are properly authenticated. Only move to quarantine or reject when you are confident that all legitimate senders pass SPF and DKIM checks.