DMARC Record Generator

Build a valid DMARC record for your domain. Set your policy, configure reporting, and generate a ready-to-publish TXT record.

Policy (p=)
Override the policy for subdomains if they differ from the root domain.
Where to send daily XML aggregate reports. Strongly recommended.
Where to send per-message forensic reports (many providers no longer send these).
100 = apply to all messages. Lower values are useful for gradual rollout. Omitted from record when 100.
Alignment
DKIM alignment (adkim=)
SPF alignment (aspf=)
Failure reporting options (fo=)
Your DMARC Record
TXT record name: _dmarc.yourdomain.com
v=DMARC1; p=none
Publish this as a TXT record at _dmarc.yourdomain.com.

How to use the DMARC Generator

Start with p=none to begin monitoring. This lets you collect aggregate reports without affecting mail delivery. Once you're confident that legitimate mail passes SPF and DKIM, escalate to p=quarantine, then p=reject.

Set up the rua= address to receive daily aggregate reports. These reports tell you which servers are sending mail claiming to be from your domain, and whether that mail is passing authentication checks. Tools like Google Postmaster Tools, Valimail, and DMARC Analyzer can parse these reports for you.

Relaxed alignment (the default) allows subdomains to pass — e.g. mail from mail.example.com passes for example.com. Strict alignment requires an exact domain match. Use relaxed unless you have a specific reason to require strict.

After publishing, use the DMARC Checker to verify your record is correctly formatted and reachable.