Free DMARC Generator
DMARC Record Generator
Create a valid DMARC record in a few clicks to use it in your DNS.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Creating a DMARC record for your domain can be a bit overwhelming.
Even if you know how DMARC works, it’s easy to mistype a character and render your record useless.
But not anymore…
With our DMARC generator, generating your record is as easy as a few button clicks. And as long as you supply the tool with the correct information, your record will work.
Even if you know how DMARC works, it’s easy to mistype a character and render your record useless.
But not anymore…
With our DMARC generator, generating your record is as easy as a few button clicks. And as long as you supply the tool with the correct information, your record will work.
How to use the DMARC generator
Our DMARC generator is easy-to-use. Here are the steps to get your DMARC record:
Step 1: Enter your domain name
Step 1: Enter your domain name
Step 2: Select your Policy Type.
This determines what happens to emails that fail authentication. “None” means emails pass normally, with Quarantine they’re sent to spam, and “Reject” prevents the delivery of the email altogether.
This determines what happens to emails that fail authentication. “None” means emails pass normally, with Quarantine they’re sent to spam, and “Reject” prevents the delivery of the email altogether.
Step 3: Select your sub-domain policy. A subdomain policy in a DMARC record specifies how email from subdomains should be handled. It overrides the main domain's policy for that subdomain.
Step 4: Enter the email address you want the DMARC reports to be sent to. DMARC reports provide data on email authentication results. They help domain owners monitor and adjust their DMARC policy for improved email security.
Step 5: Choose how often you want to receive the DMARC reports
Step 6: Choose what percentage of your emails you want to apply your DMARC policy to
Step 7: Click Generate DMARC Record and check the results:
Step 8: Add the DMARC record to your domain’s DNS settings
DMARC explained 👩🏻🏫
Domain-based Message Authentication, Reporting & Conformance is an email authentication protocol that makes your emails more secure.
It helps to prevent criminals from using your domain to commit cybercrimes like phishing attacks.DMARC tells the receiving server what do with emails that fail SPF and DKIM authentication, two other email security protocols.
Receiving email servers can find this information in the DMARC record associated with a domain.
Here’s what each part of a DMARC record means:
- The host value holds your domain preceded by the DMARC prefix.
- The prefix is usually appended by your domain/hosting provider.The type is the type of DNS record. For a DMARC records, you need the TXT type.
- The value field is where things get interesting:
- The V stands for version. This is currently always DMARC1.
- The P stands for policy. Here’s where you define what to do with emails that fail authentication. As explained in the “How to use the DMARC generator” , you can pick from one of three main actions here: 1. None (emails that fail authentication get delivered normally) 2. Quarantine (Emails that fail authentication are sent to spam) 3. Reject (Emails that fail authentication do no get delivered).
- The RUA tag holds the email address you want to the DMARC reports to be sent to.The RI tag determines the reporting interval in seconds. For example, ri=604800 means you’ll receive a report every week.
- The PCT tag holds the percentage of emails that you want your DMARC policy to apply to. For example, if it’s set to 50, only half your emails will go through the authentication process.
It helps to prevent criminals from using your domain to commit cybercrimes like phishing attacks.DMARC tells the receiving server what do with emails that fail SPF and DKIM authentication, two other email security protocols.
Receiving email servers can find this information in the DMARC record associated with a domain.
Here’s what each part of a DMARC record means:
- The host value holds your domain preceded by the DMARC prefix.
- The prefix is usually appended by your domain/hosting provider.The type is the type of DNS record. For a DMARC records, you need the TXT type.
- The value field is where things get interesting:
- The V stands for version. This is currently always DMARC1.
- The P stands for policy. Here’s where you define what to do with emails that fail authentication. As explained in the “How to use the DMARC generator” , you can pick from one of three main actions here: 1. None (emails that fail authentication get delivered normally) 2. Quarantine (Emails that fail authentication are sent to spam) 3. Reject (Emails that fail authentication do no get delivered).
- The RUA tag holds the email address you want to the DMARC reports to be sent to.The RI tag determines the reporting interval in seconds. For example, ri=604800 means you’ll receive a report every week.
- The PCT tag holds the percentage of emails that you want your DMARC policy to apply to. For example, if it’s set to 50, only half your emails will go through the authentication process.
Frequently Asked Questions
Sign-up for free
Why do I need a DMARC record?
You can use it as many times as you need.
Can I add multiple providers to my SPF record?
Yes, just click all the email service providers you send email with.
Do you have generators for other email authentication protocols?
Yes, we have a DMARC generator too.
What happens to an email if it fails SPF authentication?
You can decide what happens to them by setting up a valid DMARC record. Receiving servers will typically follow the policy you set in your DMARC record. DMARC's three main policies are None (email gets a pass), Quarantine (email gets sent to spam), and Reject (email won't get delivered at all).
What happens if I send from a service not included in my SPF record?
Your emails will fail authentication and likely get sent to spam or not get delivered at all.