DMARC Record Generator
Build a valid DMARC record for your domain. DMARC ties SPF and DKIM together and tells receiving mail servers what to do when email fails authentication — monitor, quarantine, or reject. Set your policy, reporting addresses, and alignment preferences below.
Build Your DMARC Record
Your Domain
Domain Policy (p)
What should receiving servers do when an email fails both SPF and DKIM checks?
Monitor only — failed messages are delivered normally. Start here to collect data before enforcing.
Subdomain Policy (sp) — optional
Override the policy for subdomains (e.g., mail.example.com). If not set, subdomains inherit the main policy.
Percentage (pct) — optional
Percentage of failing messages the policy applies to. Use for gradual rollout (e.g., start at 10%, increase to 100%).
% of failing messages
Reporting
Where should receiving servers send DMARC reports? Aggregate reports (rua) are essential — they show who is sending email as your domain.
XML reports sent daily by receiving servers. Add multiple addresses separated by commas.
Per-message failure details. Optional — many providers don't send these due to privacy.
Alignment — optional
Alignment controls how strictly the From domain must match SPF and DKIM domains. Relaxed allows subdomain matches; strict requires exact matches.
Failure Reporting Options (fo) — optional
Generated DMARC Record
Record Type
TXT
Host / Name
_dmarc
Value
(shown below)
v=DMARC1; p=none;
click to copy
Record Length
—
Recommended Rollout
Phase 1 — Monitor: Start with
p=none and an rua address. Collect reports for 2-4 weeks to identify all legitimate senders.Phase 2 — Quarantine: Switch to
p=quarantine; pct=10 and gradually increase pct to 100 as you confirm all senders pass.Phase 3 — Reject: Move to
p=reject for full enforcement. Spoofed emails will be blocked.