Free DMARC Record Generator Tool

Enter your domain or subdomain name

What type of DMARC policy do you want?

What percentage of emails you want to apply this policy to?

Start with a low percentage and increase gradually. This will allow you to slowly test stronger authentication policies without impacting legitimate emails. For example, you could start with 10%. That will instruct email providers to quarantine/reject a random 10% of emails and the remaining 90% of emails will not be impacted.

Email address to receive aggregate reports

If using a DMARC monitoring service they will provide a unique email address where aggregate DMARC reports will be sent for processing.

Do you want to receive individual failure reports?

Individual failure reports, or Forensic Reports, are copies of individual pieces of email that fail the DMARC check.

Email address to receive forensic reports

When do you want to receive forensic reports?

DMARC Record Host or Name

DMARC Record Content or Value

Setup DMARC Record

Follow our step-by-step instructions to setup your new DMARC record.

Now that you've successfully generated your DMARC record, complete the setup by creating a TXT record for your domain. The process will be similar for most domain registrars and hosting providers with some small differences.

Log into your Account
Navigate to the Domains page
You should see a list of all your domains; click on the domain
Click on DNS or Edit DNS
Then click on Host Records or Edit Host Records
Now you will have the option to create a new record
For the record Type select TXT
For the Host/Name field — copy and paste the DMARC Record Host or Name we generated for you
For the Content/Value field — copy and paste the DMARC Record Content or Value we generated for you
For the TTL field leave it as-is to use the default value
Click Save to complete your updates (allow up to 48 hours for your DNS changes to take full effect globally)

Below is an example DMARC record to guide you.

Type

Host or Name

TTL

Content or Value

DMARC Compliance Explained

DMARC compliance will prevent malicious actors from abusing your domain reputation which can in turn impact your deliverability.

Becoming DMARC compliant involves more than just adding a TXT record to your DNS records. It's a process that can take several weeks to months, depending on your sending volume, email marketing platform or email delivery provider who send email on your behalf.

If you're setting up DMARC for the first time, we recommend setting a policy of p=none and collecting aggregate data with a DMARC monitoring service. You can then monitor reports and slowly bring your domain into compliance over time.

This is what a typical DMARC compliance process looks like:

Add a DMARC record to your domain host records with a policy of p=none
Collect data from DMARC reports using a monitoring service for several weeks or months depending on your organization
Perform an audit and adjust your SPF & DKIM records if neccessary to bring your domain into alignment
Collect more data from DMARC reports for several weeks or months depending on your organization
Perform an audit, adjust your SPF & DKIM records if neccessary and enforce a stricter DMARC policy of p=quarantine
Continue collecting data from DMARC reports for several weeks or months depending on your organization
Perform a final audit, adjust your SPF & DKIM records if neccessary and enforce the strictest DMARC policy of p=reject
Continue collecting DMARC reports and monitoring your sending habits

The goal of becoming DMARC complaint is to eventually enforce a policy of p=reject. Setting a reject policy will ensure that all malicious email is stopped. The recipient of the intended malicious email will never become aware of the email in the first place, as it will never get sent to a spam or quarantine folder. Since it's completely blocked, emails are never delivered and end-users cannot be tricked into clicking on a malicious link or opening a dangerous attachment.

The downside is if legitimate emails are failing authentication and emails get rejected, the receiver will never know they are not receiving the intended email. For organizations not actively using a reporting system to monitor authentication, it could take months to discover that legitimate email is not being delivered, potentially hurting marketing programs or other opportunities to engage with prospects, customers and partners. This is why it's important to take DMARC compliance step-by-step, use a monitoring service and incrementally enforce a stricter DMARC policy.

Choose a DMARC monitoring service

Before creating your DMARC record start by choosing a monitoring service to process reports and monitor DMARC compliance.

Postmark	Free or $10/month	https://dmarc.postmarkapp.com/
Dmarcian	Free up to 2 domains or $24/m	https://dmarcian.com/pricing/
Dmarcly	Basic plan $17.99/month	https://dmarcly.com/pricing
Powerdmarc	Free or $8/month	https://powerdmarc.com/power-dmarc-pricing-policy/

DMARC Frequently Asked Questions

Questions frequently asked by our users regarding DMARC records and compliance

What is a DMARC Record Generator?

A DMARC Record Generator is a tool that enables you to easily create a valid DMARC record with just a few clicks. By using this tool, you can specify your requirements and preferences, allowing the generator to create a customized syntax that adheres to these specifications. Once generated, the DMARC Record is ready to be published on your domain DNS, providing enhanced protection and authentication for your email domain.

Can I add a DMARC Record without SPF or DKIM?

Yes, you can add a DMARC record without SPF or DKIM, but for the DMARC policy to be enforced effectively, emails must pass either SPF authentication and alignment or DKIM authentication and alignment. If both SPF and DKIM are missing, the DMARC policy will not be able to properly authenticate the email, leading to a failed DMARC result.

How does DMARC work with subdomains?

DMARC specifications for subdomains are typically inherited from the parent domain by default unless they are specifically configured separately. In the absence of specific configuration for a subdomain, it will adopt the DMARC policy set at the parent domain level. This means that if the parent domain has a certain DMARC policy in place, such as "reject", the subdomain will automatically adhere to this policy.

However, there is a provision for subdomains to have their own independent DMARC configurations. If a subdomain is configured separately from the parent domain, the system will respect the manual DMARC setup for that particular subdomain. In such cases, the DMARC policy implemented at the subdomain level will take precedence over any inherited policies from the parent domain.

What is DMARC Domain Alignment?

DMARC Domain Alignment is a fundamental principle of DMARC (Domain-based Message Authentication, Reporting, and Conformance) that focuses on ensuring consistency between the domain indicated in the email's 'From' header and the actual domain of the sender's email address. In simpler terms, alignment occurs when the domain in the 'From' header matches the domain used by the sender, thus establishing the authenticity and legitimacy of the email. This alignment is crucial for DMARC to validate the email as genuine and prevent various malicious activities such as spoofing, impersonation attacks, business email compromise, and phishing. By maintaining alignment, DMARC enhances email security by providing a layer of protection against these harmful practices.