DMARC Record Generator Tool

Generate a DMARC record for your domain

A Domain-based Message Authentication Reporting and Conformance (DMARC) record lets you tell receiving mail providers what to do with messages from your organization that don't pass SPF or DKIM.

Start with a low percentage and increase gradually. This will allow you to slowly test stronger authentication policies without impacting legitimate emails. For exmple, you could start with 10%. That will instruct email providers to quarantine/reject a random 10% of emails and the remaining 90% of emails will not be impacted.
If using a DMARC monitoring service they will provide a unique email address where aggregate DMARC reports will be sent for processing.
Individual failure reports, or Forensic Reports, are copies of individual pieces of email that fail the DMARC check.

Setup DMARC Record

Follow our step-by-step instructions to setup your new DMARC record.

Now that you've successfully generated your DMARC record, complete the setup by creating a TXT record for your domain. The process will be similar for most domain registrars and hosting providers with some small differences.

  1. Log into your Account
  2. Navigate to the Domains page
  3. You should see a list of all your domains; click on the domain
  4. Click on DNS or Edit DNS
  5. Then click on Host Records or Edit Host Records
  6. Now you will have the option to create a new record
  7. For the record Type select TXT
  8. For the Host/Name field — copy and paste the DMARC Record Host or Name we generated for you
  9. For the Content/Value field — copy and paste the DMARC Record Content or Value we generated for you
  10. For the TTL field leave it as-is to use the default value
  11. Click Save to complete your updates (allow up to 48 hours for your DNS changes to take full effect globally)

Below is an example DMARC record to guide you.

DMARC Compliance Explained

DMARC compliance will prevent malicious actors from abusing your domain reputation which can in turn impact your deliverability.

Becoming DMARC compliant involves more than just adding a TXT record to your DNS records. It's a process that can take several weeks to months, depending on your sending volume, email marketing platform or email delivery provider who send email on your behalf.

This is what a typical DMARC compliance process looks like:

  1. Add a DMARC record to your domain host records with a policy of p=none
  2. Collect data from DMARC reports using a monitoring service for several weeks or months depending on your organization
  3. Perform an audit and adjust your SPF & DKIM records if neccessary to bring your domain into alignment
  4. Collect more data from DMARC reports for several weeks or months depending on your organization
  5. Perform an audit, adjust your SPF & DKIM records if neccessary and enforce a stricter DMARC policy of p=quarantine
  6. Continue collecting data from DMARC reports for several weeks or months depending on your organization
  7. Perform a final audit, adjust your SPF & DKIM records if neccessary and enforce the strictest DMARC policy of p=reject
  8. Continue collecting DMARC reports and monitoring your sending habits

The goal of becoming DMARC complaint is to eventually enforce a policy of p=reject. Setting a reject policy will ensure that all malicious email is stopped. The recipient of the intended malicious email will never become aware of the email in the first place, as it will never get sent to a spam or quarantine folder. Since it's completely blocked, emails are never delivered and end-users cannot be tricked into clicking on a malicious link or opening a dangerous attachment.

The downside is if legitimate emails are failing authentication and emails get rejected, the receiver will never know they are not receiving the intended email. For organizations not actively using a reporting system to monitor authentication, it could take months to discover that legitimate email is not being delivered, potentially hurting marketing programs or other opportunities to engage with prospects, customers and partners. This is why it's important to take DMARC compliance step-by-step, use a monitoring service and incrementally enforce a stricter DMARC policy.

Choose a DMARC monitoring service

Before creating your DMARC record start by choosing a monitoring service to process reports and monitor DMARC compliance.

Postmark Free or $10/month
Dmarcian Free up to 2 domains or $24/m
Dmarcly Basic plan $17.99/month
Powerdmarc Free or $8/month