Back to Top
Start Learning DMARC with Our New Free Course, "DMARC & Beyond".
Get Support
Contact Us
Home / Tools / DMARC Record Generator

DMARC Record Generator

Get an embed

Generate DMARC Records in a few clicks and use it in your DNS

Invalid domain name

Add RUA Address
Add RUF Address
Advanced Configuration

What is a DMARC Record?

A DMARC record is a TXT entry in your domain’s DNS that defines how incoming mail servers should handle messages that fail authentication checks. It acts as a set of instructions, guiding servers to either reject, quarantine, or accept emails that don’t meet verification criteria.

Having a DMARC record means domain owners can track email activity and identify unauthorized use through DMARC reports. Without a DMARC record, receiving servers don’t have clear instructions on how to handle unverified emails, which increases the risk of phishing and domain spoofing.

Here is an example of a published DMARC Record:
v=DMARC1; p=none; rua=mailto:[email protected]

In this example, ‘v=DMARC1’ indicates the version of DMARC being used,which is usually DMARC 1, while ‘p=none’ refers to the domain’s DMARC policy and tells receiving servers what to do with the message if it fails a DMARC check. The email address given is where DMARC reports will be sent to.

DMARC Record Checker
How to Create a DMARC Record

How to Create a DMARC Record

If you’re using EasyDMARC’s DMARC Record Generator tool, the process should be a breeze:

Please note that other fields in our tool are for finetuning optional or default tags. You can skip them and still have a perfectly usable DMARC record.

How to Generate Your Valid DMARC Record

Having a valid DMARC record in your DNS can be the difference between a protected email infrastructure and havings to pay a ransom to hackers. While you can create a DMARC record manually (if you know the right syntax), generating one with a DMARC record creator is much quicker, easier, and error-free. EasyDMARC’s DMARC Record Generator is the quickest way to generate a DMARC record with the right policy, reporting domains, and any optional tags you require.

EasyDMARC’s DMARC creator is helpful if your DMARC checker results show that you’re missing the record or it contains any errors. It’s also irreplaceable for record updates during a policy change or adding more report recipients. Once you generate the DMARC record, you’re just a step away from monitoring your email environment. Adding the record to your DNS allows you to analyze your domain infrastructure and resolve any issues one by one.

Valid DMARC Record

Frequently
Asked Questions

Have more questions?
Ask via Live Chat or Contact Us

TAGTAG DESCRIPTION
v (required)The version tag. The only allowed value is "DMARC1". If it's incorrect or the tag is missing, the DMARC record will be ignored.
p (required)The DMARC policy. Allowed values are "none", "quarantine", or "reject". The default is "none," which takes no action against non-authenticated emails. It only helps collect DMARC reports and gain insight into your current email flows and their authentication status. "quarantine" marks the failed emails as suspicious, while "reject" blocks them.
ruaAggregate report sending destination. It's the "mailto:" URI that ESPs use to send failure reports. The tag is optional, but you won’t receive reports if you skip it.
rufForensic (Failure) report sending destination. It's the "mailto:" URI that ESPs use to send failure reports. The tag is optional, but you won’t receive reports if you skip it.
spThe subdomain policy. The subdomain inherits the domain policy tag (p=) explained above unless specifically defined here. Like the domain policy, the allowed values are "none," "quarantine," or "reject." This option isn't widely used nowadays.
adkimThe DKIM signature alignment. This tag follows the alignment between the DKIM domain and the parent Header From domain. Allowed values are "r" (relaxed) or "s" (strict). "r" is the default and allows a partial match, while the "s" tag requires the domains to be the same.
aspfThe SPF alignment. This tag follows the alignment between the SPF domain (the sender) and the Header From domain. Allowed values are "r" (relaxed) or "s" (strict). "r" is the default, and allows a partial match, while the "s" tag requires the domains to be exactly the same.
foForensic reporting options. Allowed values are "0," "1," "d," and "s." "0" is the default value, which generates a forensic report when both SPF and DKIM fail to produce an aligned pass. If either of the protocol outcome is something other than pass, use "1." "d" generates a report when DKIM is invalid, while "s" does the same for SPF. Define the ruf tag to receive forensic reports.
rfThe reporting format for failure reports. Allowed values are "afrf" and "iodef".
pctThe percentage tag. This tag works on domains with "quarantine" or "reject" policy only. It marks the percentage of failed emails a given policy should be applied to. The rest falls under a lower policy. For example, if "pct=70," on a domain with "quarantine" policy, it applies only 70% of the time. The remaining 30% goes under "p=none". Similarly, if "p=reject" and "pct=70," "reject" applies to the 70% of failed emails, and the 30% go into "quarantine."
riReporting interval. Marks the frequency of received XML reports in seconds. The default is 86400 (once a day). Regardless of the set interval, in most cases, ISPs send the reports at different intervals (usually once a day).

What Is a DMARC Record Generator?

EasyDMARC’s DMARC Record Generator allows you to create a valid DMARC Record in a few clicks. The generated syntax will meet all your specifications and be ready to publish in your DNS.

Once the record has been generated, copy it and go to your domain’s DNS zone. Add a new TXT or CNAME record, then paste the provided DMARC record.

Note: Most DNS providers (e.g. GoDaddy) automatically include the domain name in the Host/Name field, so you only need to enter _dmarc.

TXT is the accepted DMARC record format if you’re dealing with it manually.

When using EasyDMARC’s Managed DMARC solution, the type of DMARC record that should be added to the DNS is a CNAME record. A CNAME (canonical name) record is a DNS record that can create an alias for the domain and allow traffic for the domain name to be redirected elsewhere.

Domain alignment is the core DMARC concept. Alignment happens when the domain name in the email's "From" header matches the sender's email domain. As a result, DMARC passes, indicating that it was a legitimate email.

DMARC domain alignment helps protect against spoofing, impersonation attacks, business email compromise, and phishing.

Subdomains inherit DMARC settings from the parent domain unless specified otherwise.

For example, if the parent domain has a ‘reject’ policy, the subdomain will inherit it. However, if you configure the subdomain separately, the system will not override your manual DMARC settings.

You can add the record, but it won’t function properly.

DMARC is based on SPF and DKIM. For it to pass, an email must pass SPF authentication and SPF alignment and/or DKIM authentication and DKIM alignment. If both are missing, DMARC will fail.

Join the 83,500+ companies and 175,000+ domains secured with us

This website uses Cookies to provide a better experience. You have the right to choose whether or not to accept Cookies. See our Cookie Policy for details.