Result for:
Suggested Record:

The below record is updated as you modify the fields.

What is an Online DMARC Record?


Generating the DMARC record is not complex, although the important part is that its syntax should correspond with DMARC standards. Our free DMARC record generator helps you to create a DMARC record easily. Further, you can use our DMARC record checker to validate your DMARC record.

DMARC, the short form of Domain-based Message Authentication, Reporting, and Conformance, is the TXT record added to your domain DNS records to publish the DMARC.

 

Why is it Important?


DMARC is a protocol that works with SPF and DKIM to ensure the authentication of emails. It protects your domain from any abusive activity. Protects your domain from hackers and other attackers from spoofing and gives you the ability to monitor and control it. It ensures that phishing emails and malware cannot be sent from your email address. The DMARC also supplements SMTP, a simple mail transfer protocol to send emails. Because the SMTP does not itself include any mechanism or practices to define policies for email authentication.

 

How does a DMARC record work?

DMARC checks SPF and DKIM records of the coming email. If it passes the test, it goes through. But, if there is an error, suppose the received mail fails the test, the recipient server implements the DMARC policy. Later on, the recipient can send a report to the domain owner about such incidents.

Based on the DMARC record's content, the recipient mail server

  1. Allow the email to continue delivery.
  2. Quarantine the email.
  3. Reject the email.

Usually, the policy, p=none is preferred. It's the least restrictive policy that ensures email delivery. With that policy, you can get the reports if something is misconfigured or someone else is using your domain for spoofing purposes.

Using "p=quarantine" or "p=reject" may even put your sent emails to spam or rejected if your DMARC record is misconfigured.

Thus, start with the p=none policy. If you start to get suspicious sending reports, change that to the p=quarantine policy.

How does a DMARC work with subdomains?

Usually, the DMARC policy set for the organizational domain is applied to all its subdomains unless the domain owner publishes the DMARC record for a specific domain. The domain owner may publish the separate DMARC policy for all subdomains with the "sp" tag. Its syntax is the same as the "p" tag. The sp=none means whatever policy is adopted for the main domain. The subdomain follows the policy of "none."

For example, if the example.com DMARC's policy is p=reject. But the DMARC policy of email.example.com is sp=none. Then hackers and attackers can impersonate the brand and can cause problems.

How to create a free DMARC record?

Our DMARC record generator makes the process relatively easy. It facilitates you to create your own error-free DMARC DNS record for your domain.

  • To create a DMARC record for your domain or subdomain, please follow the below-provided instructions.
  • Open the DMARC Record Generator.
  • Enter the domain name in the space provided for that purpose.
  • Click on the "DMARC Generate" button.
  • A form will appear that you need to fill out.
  • Select the Policy/Reporting Mode. Three options are there.
    • None: Treat the email the same, as it would be without any DMARC validation.
    • Quarantine: Accept the email but place it somewhere else other than the recipient's inbox.
    • Reject: Reject the email that fails DMARC validation.
  • Select the percentage of the emails on which you want to apply the DMARC policy. The pct value is in integers ranging from 1 to 100, with 100 being the default if no pct tag is included in the DMARC record. Suppose a DMARC record with p=reject; pct=60 rejects 60% of the emails that fail DMARC authentication. The remaining 40% fall to the following lower policy in the sequence which is quarantine. Kindly note that the pct tag does not work on the "none" policy.
  • In the "Email" section, enter the email address where you want to send the DMARC reports and select "Size" and "Unit."
  • In the "Forensic Email" section, enter the email address where you want to send the Forensic reports and select "Size" and "Unit."
  • If you want more options, like creating the DMARC Policy for the subdomains, then click on the "Show Advanced" text for more options.

How to add a DMARC record?

For adding the DMARC record, you have to edit the DNS records of your domain. The DNS records are the set of instructions for the server, where to find the site's content, like email mailbox, and more. To edit your domain DNS records.

  • Access your DNS as an administrator.
  • It's easy to add a DMARC record to your DNS. Go to the DNS records screen, and click on add a record to add a DMARC record.
  • DMARC record is a TXT record, so select the "Type" as TXT.
  • In the "Name" field, type "_dmarc." with the period (dot) at the end. Some hosts do not require a "dot," so you can select which one your host prefers.
  • In the larger field, generally, the "Content" field, add the DMARC record. Suppose we have the following DMARC syntax. "v=DMARC1; p=reject; rua=mailto:me@example.com"
  • Select the TTL (Time to Live) value (the expiration date of your DNS record). Generally, it prefers to remain in the "Auto" setting.
  • Save your DMARC record to add that rule to your DNS records.

What are the standard tags used in a DMARC record?

Some common tags include

  • v= is a required tag. It is used for the Protocol version, for example, v=DMARC1. The version should always be DMARC1. An incorrect or missing DMARC version will cause the DMARC record to be ignored, which makes the DMARC record ineffective.
  • p= is a required tag. It is used for assigning the policy, for example, p=quarantine.
  • pct= is an optional tag. It is used for assigning the
  • % of messages subjected to filtering that fails the DMARC test, for example, pct=20.
  • rua= is an optional tag. It is used for Reporting UTI of the aggregate report, for example, rua=mailto:postmstr@domain.com.
  • sp= is an optional tag. It is used for defining the policy for the subdomains, for example, sp=r.
  • aspf= is an optional tag. It is used for the alignment mode for SPF, for example, aspf=r.