DMARC Record Generator
Generate a DMARC record for your domain with guided presets. Choose your enforcement level and customize the settings.
DMARC Rollout Guide
How this tool works
This generator builds a DMARC TXT record from your selected options following RFC 7489 syntax. It produces the record value to publish at _dmarc.{domain}. Presets (Monitor, Quarantine, Reject) set sensible defaults; advanced options let you control alignment, subdomain policy, forensic reporting, and percentage.
Note: This tool generates the record — it does not publish it. You must add the generated TXT record to your DNS provider. Always start with p=none and monitor aggregate reports before tightening enforcement.
Step 1: Start with p=none
Begin by deploying a DMARC record with p=none. This tells receivers to send you reports without affecting email delivery. Monitor for 2-4 weeks.
Step 2: Move to p=quarantine with low pct
Once you have confirmed that legitimate senders pass SPF and DKIM, set p=quarantine; pct=25. This sends 25% of failing emails to spam. Gradually increase pct.
Step 3: Full enforcement with p=reject
After thorough testing, set p=reject to block all unauthorized emails. This provides maximum protection against spoofing.
Common Mistakes
- Jumping straight to
p=rejectwithout monitoring - Forgetting to include all legitimate senders in SPF
- Not setting up DKIM for third-party services
- Using the wrong domain in rua/ruf addresses