DMARC Record Generator

Create a valid DMARC record in just a few clicks.

1

Domain

2

ESP

3

Email

4

DMARC value

Let's get started!

Please provide the domain for which you'd like to generate a DMARC record

Our DMARC generator is a free online tool that helps you quickly and easily create your own DMARC records, boosting your overall email security and deliverability.

  1. Enter the domain for which the DMARC record should be created.
  2. Choose your ESP (Email Service Provider) or email outreach tool.
  3. Specify the email address for your new DMARC record.
  4. Hit the "Next" button, and you're all set!

What is a DMARC record?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a TXT record protocol built upon SPF and DKIM that specifies the policy for how your domain should handle email authentication.

Here is a simple example of what a DMARC record can look like:

v=DMARC1; p=none; pct=100; rua=mailto:[email protected]; sp=none

The purpose of DMARC records is to protect email domains from being used for phishing, spoofing, and other email-based attacks. They also provide a way for receiving mail servers to report back to the sending domain about any messages that fail security checks.

Why is a DMARC record important?

A DMARC record is a necessary component of overall email protection as well as plays an important role in email deliverability and domain reputation.

This not only safeguards the organization but also builds trust with customers and partners who rely on email communications.

a) Improved security

Implementing a DMARC record significantly enhances email security by verifying the authenticity of the sender's domain.

When used in conjunction with SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), DMARC creates a robust framework for email authentication, ensuring that only legitimate emails are delivered from your domain.

b) Boosted deliverability

A DMARC record can substantially improve email deliverability rates by reducing the likelihood of legitimate emails being marked as spam or rejected by email servers.

The DMARC reports provide insights into email authentication failures, including instances of spoofing, which help you diagnose and address issues that could be causing valid emails to bounce or decreasing your email deliverability.

c) Protected email reputation

DMARC also plays a crucial role in protecting and enhancing the email reputation of an organization's domain.

By adopting DMARC policies, organizations demonstrate their commitment to secure email practices, which can positively influence their reputation among email service providers and recipients.

A strong email reputation means that emails sent from the domain are more likely to be trusted and accepted by recipient servers, reducing the risk of being blacklisted.

How does a DMARC record work?

DMARC checks both the SPF and DKIM records of any incoming email that a recipient receives.

Whenever a recipient server gets an email message, it first checks whether the email passed the SPF and DKIM authentication.

If the message fails these checks, the recipient's server implements the DMARC policy, which determines how to handle the message based on the following options:

  • None: No action will be taken against non-authenticated emails.
  • Quarantine: The email that failed the authentication process will be marked as "suspicious" and placed in the quarantine area of the mail server.
  • Reject: The ISP will reject the email that did not pass the authentication process.

DMARC tags and values explained

Tags Descriptions
v The version tag is a required part of the DMARC record and should only have the allowed value DMARC1.
p This tag allows values "none" (no action against non-authenticated emails), "quarantine" (marks non-authenticated emails as suspicious and puts them into quarantine), and "reject" (blocks the non-authenticated emails).
rua Serves as the "mailto:" URI for aggregated report destination, which ESPs use to send summary reports.
ruf Serves as the "mailto:" URI for forensic report destination, which ESPs use to send detailed failure reports.
sp This tag serves as a subdomain policy inherited from the main policy tag (p) unless specified differently.
adkim This tag serves as a DKIM signature alignment mode, which follows the alignment between the DKIM domain and the Header From domain.
aspf This tag serves as an SPF alignment mode and follows the alignment between the SPF domain (the sender) and the Header From domain.
fo Forensic report options, which generate a forensic report in case SPF or DKIM fail to create an alignment pass.
rf Serves as a reporting format for failure reports, with allowed values being "afrf" and "iodef".
pct Used for domains with the "quarantine" or "reject" policy and indicates the percentage of emails that should follow the given policy if they fail.
ri Marks the frequency of received XML reports (in seconds).

How to create and implement a DMARC record?

Although you can create a DMARC record manually (if you know the syntax), generating proper DMARC records with our generator is a much simpler and more effective solution.

The DMARC record generator by EmailListVerify can help you create records in a matter of seconds, allowing you to implement them right away.

After generating the record, simply copy it and go to the DNS zone of your domain. Then, paste the TXT record, update your setup, and you're done!

Frequently asked questions

What is a DMARC generator?

A DMARC generator is a tool that helps you create DMARC (Domain-based Message Authentication, Reporting, and Conformance) records easily and accurately.

It simplifies the process by guiding you through the required fields and automatically generating the correct syntax for your DNS setup.

With our free DMARC generator, you can create your own DMARC records in just a matter of seconds.

Can you set up DMARC for free?

Absolutely! You can set up DMARC for free using our online DMARC generator and then go directly to your DNS to set it up right away.

What is a DMARC report?

A DMARC report provides detailed information about the email activities related to your domain, helping you identify and address potential email authentication issues.

These reports include data on email sources, authentication results, and actions taken, aiding in the analysis of email security and compliance.

Who can use the DMARC records?

DMARC records can be used by domain owners to protect their domains from email spoofing and phishing attacks.

They are also utilized by email service providers (ESPs) and IT administrators to ensure email authentication and compliance with DMARC policies set by the domain owner.

Can I create a DMARC record without SPF and DKIM?

DMARC relies on the results of SPF and DKIM checks to validate email authenticity, so ensuring both are properly configured is essential for DMARC to function correctly.

Why did my DMARC record check fail?

A DMARC record check can fail for several reasons, including incorrect syntax, DMARC alignment failure, missing or invalid DKIM signature, etc.