Use this DMARC record generator to create a ready-to-publish DNS TXT record.

Why use a DMARC generator

  • Faster setup than hand-writing tags
  • Lower risk of syntax errors
  • Easier rollout from monitoring to enforcement

What the key DMARC tags mean

  • : policy applied to messages that fail authentication (none, quarantine, reject)
  • : policy for subdomains (optional)
  • : aggregate report mailbox (recommended for monitoring)
  • : forensic report mailbox (optional and not always supported)
  • : percentage rollout for staged enforcement

DMARC policy tips

  • Start with to monitor traffic
  • Move to when SPF and DKIM are stable
  • Enforce when legitimate senders align correctly

After publishing the record, allow time for DNS propagation and then validate it using the DMARC validator.