Free DMARC Record Generator by Hello Inbox

Enter your domain or subdomain name

What type of DMARC policy do you want?

What percentage of emails you want to apply this policy to?

Start with a low percentage and increase gradually. This will allow you to slowly test stronger authentication policies without impacting legitimate emails. For exmple, you could start with 10%. That will instruct email providers to quarantine/reject a random 10% of emails and the remaining 90% of emails will not be impacted.

Email address to receive aggregate reports

If using a DMARC monitoring service they will provide a unique email address where aggregate DMARC reports will be sent for processing.

Do you want to receive individual failure reports?

Individual failure reports, or Forensic Reports, are copies of individual pieces of email that fail the DMARC check.

Email address to receive forensic reports

When do you want to receive forensic reports?

DMARC Record Host or Name

DMARC Record Content or Value

Setup DMARC Record

Follow our step-by-step instructions to setup your new DMARC record.

Now that you've successfully generated your DMARC record, complete the setup by creating a TXT record for your domain. The process will be similar for most domain registrars and hosting providers with some small differences.

Log into your Account
Navigate to the Domains page
You should see a list of all your domains; click on the domain
Click on DNS or Edit DNS
Then click on Host Records or Edit Host Records
Now you will have the option to create a new record
For the record Type select TXT
For the Host/Name field — copy and paste the DMARC Record Host or Name we generated for you
For the Content/Value field — copy and paste the DMARC Record Content or Value we generated for you
For the TTL field leave it as-is to use the default value
Click Save to complete your updates (allow up to 48 hours for your DNS changes to take full effect globally)

Below is an example DMARC record to guide you.

Type

Host or Name

TTL

Content or Value

DMARC Compliance Explained

DMARC compliance will prevent malicious actors from abusing your domain reputation which can in turn impact your deliverability.

Becoming DMARC compliant involves more than just adding a TXT record to your DNS records. It's a process that can take several weeks to months, depending on your sending volume, email marketing platform or email delivery provider who send email on your behalf.

If you're setting up DMARC for the first time, we recommend setting a policy of p=none and collecting aggregate data with a DMARC monitoring service. You can then monitor reports and slowly bring your domain into compliance over time.

This is what a typical DMARC compliance process looks like:

Add a DMARC record to your domain host records with a policy of p=none
Collect data from DMARC reports using a monitoring service for several weeks or months depending on your organization
Perform an audit and adjust your SPF & DKIM records if neccessary to bring your domain into alignment
Collect more data from DMARC reports for several weeks or months depending on your organization
Perform an audit, adjust your SPF & DKIM records if neccessary and enforce a stricter DMARC policy of p=quarantine
Continue collecting data from DMARC reports for several weeks or months depending on your organization
Perform a final audit, adjust your SPF & DKIM records if neccessary and enforce the strictest DMARC policy of p=reject
Continue collecting DMARC reports and monitoring your sending habits

The goal of becoming DMARC complaint is to eventually enforce a policy of p=reject. Setting a reject policy will ensure that all malicious email is stopped. The recipient of the intended malicious email will never become aware of the email in the first place, as it will never get sent to a spam or quarantine folder. Since it's completely blocked, emails are never delivered and end-users cannot be tricked into clicking on a malicious link or opening a dangerous attachment.

The downside is if legitimate emails are failing authentication and emails get rejected, the receiver will never know they are not receiving the intended email. For organizations not actively using a reporting system to monitor authentication, it could take months to discover that legitimate email is not being delivered, potentially hurting marketing programs or other opportunities to engage with prospects, customers and partners. This is why it's important to take DMARC compliance step-by-step, use a monitoring service and incrementally enforce a stricter DMARC policy.

Choose a DMARC monitoring service

Before creating your DMARC record start by choosing a monitoring service to process reports and monitor DMARC compliance.

Postmark	Free or $10/month	https://dmarc.postmarkapp.com/
Dmarcian	Free up to 2 domains or $24/m	https://dmarcian.com/pricing/
Dmarcly	Basic plan $17.99/month	https://dmarcly.com/pricing
Powerdmarc	Free or $8/month	https://powerdmarc.com/power-dmarc-pricing-policy/