What is a DMARC record?

DMARC (Domain-based Message Authentication, Reporting and Conformance) is a DNS policy that tells mail servers what to do when SPF or DKIM checks fail. It also enables aggregate reporting.

What DMARC policy should I start with?

Start with p=none to monitor without affecting mail delivery. Review reports, fix any issues, then gradually move to p=quarantine and finally p=reject.

Where do I add a DMARC record?

Add a TXT record with the name _dmarc.yourdomain.com (replace yourdomain.com with your actual domain) in your DNS provider.

What is the difference between rua and ruf?

rua receives aggregate reports (daily XML summaries of authentication results). ruf receives forensic/failure reports (individual copies of failing messages). ruf may contain PII so use with caution.

DMARC Record Generator

Build a valid DMARC record by selecting your policy, alignment, and report destinations. Copy the TXT record and add it to your DNS.

Files never leave your browser

Policy (p=) — what to do with failing mail

Subdomain Policy (sp=)

Aggregate Report Email (rua=) optional

Forensic Report Email (ruf=) optional

Percentage (pct=100%)

1%100%100%

Failure Options (fo=)

DKIM Alignment (adkim=)

SPF Alignment (aspf=)

DNS Name

_dmarc.yourdomain.com

DMARC TXT Record

v=DMARC1; p=none

Policy: none
Record length: 16 chars

Add as a TXT record for _dmarc.yourdomain.com in your DNS.

Generated entirely in your browser — nothing is sent to any server.

How to use DMARC Record Generator

The DMARC Record Generator creates a valid _dmarc TXT record from plain-language choices about how strictly you want to enforce email authentication and where you want reports sent. DMARC syntax is terse and easy to mistype, and a malformed record provides no protection at all, so generating it removes the risk. You choose a policy, set the reporting addresses, and optionally configure alignment and subdomain handling; the tool outputs the exact record to publish, helping you defend your domain against phishing and spoofing.

Choose your enforcement policy: none, quarantine or reject.
Enter the email address that should receive aggregate (rua) reports.
Optionally set a forensic (ruf) address and alignment strictness.
Copy the generated _dmarc TXT record.
Publish it at _dmarc.yourdomain.com and confirm with a DMARC checker.

Your data never leaves your device — 100% private processing.

Start at none, finish at reject

The safest deployment begins with p=none, which enforces nothing but causes receivers to send you aggregate reports about who is mailing as your domain. After a week or two you can read those reports to confirm every legitimate sender passes SPF or DKIM with alignment, then raise the policy to quarantine and finally reject. This staged approach means you never block your own mail by accident. The generator defaults to a monitoring-friendly record and makes it easy to tighten later.

DMARC tags you will set
Tag	Purpose
p	Policy: none, quarantine or reject
rua	Address for aggregate reports
ruf	Address for forensic reports
pct	Percentage of mail the policy applies to
adkim / aspf	DKIM/SPF alignment strictness

Why reporting addresses matter

The rua address is the heart of a useful DMARC deployment because the daily aggregate reports it receives are how you discover legitimate senders you forgot to authorise and spot spoofing attempts in progress. Without a reporting address you are enforcing a policy blind, with no way to know whether it is helping or quietly blocking real mail. Many teams point rua at a dedicated mailbox or a DMARC analytics service that turns the raw XML into readable dashboards. Always set rua, even when starting at p=none.

Glossary

DMARC: A policy framework instructing receivers how to handle unauthenticated mail and where to report.
p (policy): The DMARC tag setting the action for failing mail: none, quarantine or reject.
rua: The address that receives aggregate DMARC reports.
pct: The percentage of failing mail to which the policy is applied.
Alignment: The match required between the authenticated and visible From domains.

Frequently Asked Questions

Free · No spam

Get weekly tool tips & updates

New tools, power-user tips, and productivity hacks — delivered free every Friday.

No spam, ever. Unsubscribe with one click.

Why use DMARC Record Generator?

Real-time DNS lookups using live resolver queries
Supports IPv4 and IPv6 addresses
No software to install — runs entirely in the browser
Results include TTL values and record priority

Common use cases

Verify DNS propagation after updating nameservers
Check MX records when troubleshooting email delivery
Look up SPF/DKIM/DMARC records for email security audits
Test whether a SSL certificate is valid and up to date
Find the IP address behind a domain name

Related Network & DNS

SPF Record Generator

Generate SPF DNS TXT records for your domain. Support for Google Workspace, Microsoft 365, SendGrid, Mailchimp, custom IPs and includes.

Subnet / CIDR Calculator

Calculate network address, broadcast address, usable IP range, and host count for any IPv4 subnet. Free CIDR calculator.

DNS Lookup Tool

Look up DNS records for any domain — A, AAAA, MX, NS, TXT, CNAME, SOA, and CAA records. Free, instant results pulled from authoritative nameservers.

DNS Propagation Checker

Check if your DNS changes have propagated worldwide. Test A, MX, and NS records across 8 global DNS servers to confirm updates are live everywhere.

What Is My IP Address?

Instantly find your public IP address. Shows your IPv4 address as seen by websites and servers, plus quick details about your connection.

HTTP Headers Checker

View HTTP response headers for any URL. Check status codes, security headers, caching, redirects, and server details instantly. Free and private.

Explore all Network & DNS.