Free DMARC Record Generator

Create DMARC records with custom policies, reporting addresses, and alignment settings. Configure how receiving servers handle unauthenticated emails — free and instant.

Policy ConfigurationNo Data Stored100% Free

Domain Name

Policy

Aggregate Report Email (rua)

Email address where daily aggregate DMARC reports will be sent.

Forensic Report Email (ruf)

Email address for detailed failure reports. Optional — not all providers send these.

(optional)

Subdomain Policy (sp)

Policy for subdomains. Inherits from main policy if not set.

Percentage (pct)

Percentage of messages the policy applies to (1-100).

SPF Alignment (aspf)

Relaxed allows subdomain matches. Strict requires exact domain match.

DKIM Alignment (adkim)

Relaxed allows subdomain matches. Strict requires exact domain match.

Report Interval (ri)

Seconds between aggregate reports. 86400 = 24 hours.

Failure Reporting Options (fo)

0 = both fail, 1 = either fails, d = DKIM fails, s = SPF fails.

0 — Both SPF and DKIM fail1 — Either SPF or DKIM failsd — DKIM failss — SPF fails

Generated entirely in your browser. No data is sent to our servers or stored anywhere.

Already have DMARC set up?

Verify your existing record is valid and properly published.

Check DMARC Record

What is DMARC and Why It Matters

DMARC builds on SPF and DKIM to give domain owners policy control and full visibility into who is sending email on their behalf — authorized or not.

Stops Phishing at the Source

Without DMARC, anyone can forge your domain in the From header and send convincing phishing emails to your customers, partners, or employees. DMARC enforcement with p=reject blocks these attempts before they ever reach an inbox. Major providers require it for bulk senders.

GmailYahooOutlookApple Mail

Visibility Through Reports

Aggregate reports give you a daily view of every email claiming to come from your domain, including unauthorized senders you may not know about.

Unifies SPF and DKIM

DMARC ties together your SPF and DKIM records, letting you specify a consistent policy for what happens when either fails.

How to Publish Your DMARC Record

Four steps from generation to verified DMARC enforcement.

Set Up SPF and DKIM First

DMARC requires at least one of SPF or DKIM to be configured and passing alignment. We recommend having both in place before adding DMARC.

Tip: Use our SPF Generator and DKIM Generator to get those set up before adding DMARC.

Generate and Publish the Record

Use the tool above, then log in to your DNS provider and create a new TXT record. Set the name to _dmarc.yourdomain.com and paste the full value.

Start with Monitoring, Then Enforce

Begin with p=none to collect reports without affecting delivery. Review for 2–4 weeks, then move to quarantine, then reject.

Caution: Jumping straight to p=reject without monitoring first can block legitimate email if your SPF or DKIM is misconfigured.

Verify With Our DMARC Checker

DNS changes can take up to 48 hours to propagate. Use our DMARC Record Checker to confirm the record is live and correctly formatted.

How DMARC Works Behind the Scenes

Sending

Email Arrives

A receiving server gets an email claiming to be from your domain and runs SPF and DKIM checks.

Policy Lookup

DMARC Lookup

The server fetches your DMARC record from _dmarc.yourdomain.com to find your policy.

Enforcement

Policy Applied

Based on your policy, the server accepts, quarantines, or rejects the email — and sends you a report.

More Free DNS Tools

SPF Record Generator

Create SPF DNS records to authorize email senders

SPF Record Checker

Verify your SPF configuration is valid

DKIM Record Generator

Generate DKIM keys and DNS records

DKIM Record Checker

Validate your DKIM signing setup

DMARC Record Checker

Check your DMARC policy and reporting config

Frequently Asked Questions

Common questions about DMARC records, policies, and email reporting.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds on SPF and DKIM. It lets domain owners specify how unauthenticated emails should be handled.

Start with 'none' (monitor only) to collect reports without affecting email delivery. After reviewing reports for 2-4 weeks, move to 'quarantine' and eventually 'reject' for full protection.

RUA (aggregate) reports are daily XML summaries showing authentication results for all emails from your domain. RUF (forensic) reports contain details about specific failed messages. RUA is essential; RUF is optional.

DMARC requires at least one of SPF or DKIM to be configured, but we strongly recommend setting up both before enabling DMARC for the best results.

Alignment checks whether the domain in the From header matches the domain used in SPF or DKIM. 'Relaxed' allows subdomains to match; 'strict' requires an exact match.

After publishing the DNS record, allow up to 48 hours for propagation. Reports typically start arriving within 24-72 hours after the record is live.

Still have questions?

Contact our support team →

Your Next Campaign Deserves
a Clean List

Stop guessing. Stop bouncing. Start reaching the people who actually want to hear from you.

Get Started Free View Pricing

200 free credits · No credit card required · Results in minutes