DMARC Generator

Configure your DMARC policy and get a ready-to-publish DNS TXT record. No account needed.

Generated TXT Record

Host: _dmarc
Value: v=DMARC1; p=none

Policy (p=) * (required)

Subdomain policy (sp=): Controls subdomain policy independently from the main domain.

Aggregate reports (rua=), entered as a mailto: address: Where providers send XML aggregate reports. Strongly recommended.

Failure reports (ruf=), entered as a mailto: address: Receives individual failure reports. Optional — many senders skip this.

Percentage (pct=), slider from 1% (gradual rollout) to 100% (full enforcement): Percentage of failing messages the policy applies to. Use values below 100 when gradually rolling out quarantine or reject.

What is a DMARC record?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a DNS policy that tells receiving mail servers how to handle messages failing SPF or DKIM authentication. Published as a TXT record at _dmarc.yourdomain.com, it protects your domain from spoofing and phishing attacks.

A DMARC record consists of tag-value pairs separated by semicolons. The most critical tag is p= (policy), which controls what receivers do with failing messages. Supporting tags like rua= and ruf= configure where aggregate and forensic reports are sent.
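The tag-value structure described above, checked in code before a record is published. This is an added example, not the generator's own code: the names parse_dmarc and check_dmarc, the problem messages, and the example.com sample records are constructed for illustration, and the checks cover only the tags this page discusses.

```python
import re

POLICIES = {"none", "quarantine", "reject"}
MAILTO = re.compile(r"mailto:[^@\s,!]+@[^@\s,!]+(![0-9]+[kmgt]?)?", re.I)

def parse_dmarc(txt):
    """Split a DMARC TXT value into ordered (tag, value) pairs."""
    pairs = []
    for part in filter(str.strip, txt.split(";")):  # skips empty parts, e.g. after a trailing ';'
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a tag=value pair: {part.strip()!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def check_dmarc(txt):
    """Return (effective settings, problems) for one record value."""
    try:
        pairs = parse_dmarc(txt)
    except ValueError as exc:
        return {}, [str(exc)]
    tags, problems = dict(pairs), []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("record must start with v=DMARC1")
    if len(tags) != len(pairs):
        problems.append("a tag appears more than once")
    p = tags.get("p", "").lower()
    if p not in POLICIES:
        problems.append("p= must be none, quarantine or reject")
    sp = tags.get("sp", p).lower()  # subdomains inherit p= when sp= is omitted
    if "sp" in tags and sp not in POLICIES:
        problems.append("sp= must be none, quarantine or reject")
    pct = tags.get("pct", "100")  # pct defaults to 100
    if not (pct.isdecimal() and int(pct) <= 100):
        problems.append("pct= must be an integer from 0 to 100")
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            if uri.strip() and not MAILTO.fullmatch(uri.strip()):
                problems.append(f"{tag}= entry is not a mailto: URI: {uri.strip()}")
    if "rua" not in tags:
        problems.append("no rua=, so no aggregate reports will arrive")
    return {"p": p, "sp": sp, "pct": pct, "rua": tags.get("rua", "")}, problems

# Constructed sample records; example.com is a placeholder domain.
SAMPLES = ["v=DMARC1; p=none",
           "v=DMARC1; p=quarantine; sp=none; pct=25; rua=mailto:dmarc@example.com",
           "v=DMARC1; p=reject; pct=150; rua=dmarc@example.com"]
for record in SAMPLES:
    print(record, "->", check_dmarc(record))
```

The third sample shows two mistakes that are easy to make when editing a record by hand: a pct value out of range and a rua address missing its mailto: prefix.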

Google and Yahoo now require a DMARC record (at minimum p=none) for senders who send more than 5,000 messages per day. Moving to p=reject is strongly recommended for all production domains to prevent brand impersonation.

How to add your DMARC record to DNS

Cloudflare

  1. Log in to dash.cloudflare.com and select your domain.
  2. Go to DNS → Records → Add record.
  3. Type: TXT | Name: _dmarc | Content: paste the generated record | TTL: Auto.
  4. Click Save. Changes propagate within minutes.

GoDaddy

  1. Log in to GoDaddy and open My Products → DNS.
  2. Click Add under DNS Records.
  3. Type: TXT | Host: _dmarc | TXT Value: paste the generated record | TTL: 1 hour.
  4. Click Save. Allow up to 1 hour for propagation.

Amazon Route 53

  1. Open the Route 53 console and select your hosted zone.
  2. Click Create record.
  3. Record name: _dmarc | Type: TXT | Value: paste the generated record (wrap in quotes if the console requires it).
  4. Click Create records. TTL of 300 seconds is recommended.

Verify your DMARC is live

After adding the record, use the free DMARC Checker to confirm it is published correctly.


Frequently asked questions

What policy should I start with?
Start with p=none so you receive aggregate reports without affecting email delivery. After 2–4 weeks of reviewing reports and fixing authentication gaps, move to p=quarantine, then p=reject.

What should I put in the rua field?
Use a mailbox you actively monitor. Mailbox providers will send XML aggregate reports there daily. Third-party DMARC processors like Postmark or Dmarcian provide a ready-made address.

Do I need ruf (forensic reports)?
ruf is optional. Forensic reports contain details of individual failing messages and raise privacy considerations. Many senders skip ruf and rely solely on rua aggregate reports.

What does the percentage (pct) slider do?
pct controls what fraction of failing messages the policy applies to. pct=100 (default) applies your policy to all failures. Lower values let you roll out quarantine or reject gradually — useful when moving from none to enforcement.

Where do I publish the DMARC record in DNS?
Add a TXT record with host _dmarc (or _dmarc.yourdomain.com depending on your provider) and paste the generated value. Changes typically propagate within minutes but may take up to 48 hours.

Can I set a different policy for subdomains?
Yes — the sp= tag controls subdomain policy independently. If omitted, subdomains inherit the p= policy. Set sp=none to monitor subdomains while enforcing on the main domain.