A DMARC (Domain-based Message Authentication, Reporting & Conformance) record is a crucial component for securing your email domain. It prevents unauthorized use of your domain by ensuring that emails sent from your domain are authenticated using SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).
Our DMARC Record Generator makes it easy to create and configure your DMARC record, ensuring your domain's email security is robust and reliable.
Easily create a DMARC record for your domain or subdomain. Submit your domain, and we'll verify if a DMARC record exists.DMARC record generator is helpful if your DMARC checker results show that you’re missing the record or it contains any errors.
Here are the tags and their desriptions:
v (required): The version tag. The only allowed value is "DMARC1". If it's incorrect or the tag is missing, the DMARC record will be ignored.
p (required): The DMARC policy. Allowed values are "none", "quarantine", or "reject". The default is "none," which takes no action against non-authenticated emails. It only helps collect DMARC reports and gain insight into your current email flows and their authentication status. "quarantine" marks the failed emails as suspicious, while "reject" blocks them.
rua: Aggregate report sending destination. It's the "mailto:" URI that ESPs use to send failure reports. The tag is optional, but you won’t receive reports if you skip it.
ruf: Forensic (Failure) report sending destination. It's the "mailto:" URI that ESPs use to send failure reports. The tag is optional, but you won’t receive reports if you skip it.
sp: The subdomain policy. The subdomain inherits the domain policy tag (p=) explained above unless specifically defined here. Like the domain policy, the allowed values are "none," "quarantine," or "reject." This option isn't widely used nowadays.
adkim: The DKIM signature alignment. This tag follows the alignment between the DKIM domain and the parent Header From domain. Allowed values are "r" (relaxed) or "s" (strict). "r" is the default and allows a partial match, while the "s" tag requires the domains to be the same.
aspf: The SPF alignment. This tag follows the alignment between the SPF domain (the sender) and the Header From domain. Allowed values are "r" (relaxed) or "s" (strict). "r" is the default, and allows a partial match, while the "s" tag requires the domains to be exactly the same.
fo: Forensic reporting options. Allowed values are "0," "1," "d," and "s." "0" is the default value, which generates a forensic report when both SPF and DKIM fail to produce an aligned pass. If either of the protocol outcomes is something other than pass, use "1." "d" generates a report when DKIM is invalid, while "s" does the same for SPF. Define the ruf tag to receive forensic reports.
rf: The reporting format for failure reports. Allowed values are "afrf" and "iodef".
pct: The percentage tag. This tag works on domains with "quarantine" or "reject" policy only. It marks the percentage of failed emails a given policy should be applied to. The rest falls under a lower policy. For example, if "pct=70," on a domain with "quarantine" policy, it applies only 70% of the time. The remaining 30% goes under "p=none". Similarly, if "p=reject" and "pct=70," "reject" applies to the 70% of failed emails, and the 30% go into "quarantine."
ri: Reporting interval. Marks the frequency of received XML reports in seconds. The default is 86400 (once a day). Regardless of the set interval, in most cases, ISPs send the reports at different intervals (usually once a day).
A DMARC record helps protect your domain from being used in email spoofing and phishing attacks. It provides you with reports on email activities, allowing you to monitor and improve your email authentication practices.
Simply submit your domain or subdomain in the tool.
Our DMARC Record Generator will guide you through a quick and advanced setup to create your DMARC record.
Fill in the required fields, click "Generate DMARC," and your record will be ready.
The essential tags for a DMARC record are:
v: Version tag, which must be "DMARC1".
p: DMARC policy, which can be "none," "quarantine," or "reject".
Yes, by including the `rua` and `ruf` tags in your DMARC record, you can receive aggregate and forensic reports on email activities. These reports help you understand your email flows and authentication status.
The `p` tag specifies the DMARC policy for your domain.
The values can be:
none: Takes no action against non-authenticated emails.
quarantine: Marks failed emails as suspicious.
reject: Blocks failed emails from being delivered.
You can use the `pct` tag to specify the percentage of failed emails that the DMARC policy should apply to. For example, `pct=70` means the policy applies to 70% of failed emails.
The `ri` tag determines the reporting interval in seconds. The default is 86400 seconds (once a day). However, the actual frequency may vary depending on the ISPs.
If your DMARC record has errors or is missing required tags, it will be ignored. Ensure that the `v` tag is set to "DMARC1" and that the `p` tag is properly configured.
Yes, you can use the `sp` tag to set specific DMARC policies for subdomains. If the `sp` tag is not set, subdomains will inherit the main domain policy. Feel free to reach out to our customer support team for any query or concern.