DMARC Record Generator

DMARC Record Generator

Generate your DMARC record quickly and ensure your domain’s email security with our DMARC Record Generator. This free tool makes it easy for anyone to create a DMARC record, crucial for protecting your email from phishing, spoofing, and other malicious activities.

i

The domain name for which you are creating or modifying a DMARC record. You can enter a single domain or a comma-separated list of domain names.

How It Works

  1. Choose Your DMARC Policy: Decide how strict you want your DMARC policy to be to protect your domain.
  2. Sub-domain Policy: Specify if you want a different policy applied to your sub-domains.
  3. DKIM and SPF Alignment: Select the DKIM and SPF identifier alignment options that best suit your email security needs.
  4. Policy Application Percentage: Determine what percentage of your email traffic you want the DMARC policy to apply to.
  5. Reporting Preferences: Choose when to generate failure reports, the format of forensic reports, how often aggregate reports should be sent, and where these reports should be mailed.
How strict do you want your DMARC Policy to be?

i

DMARC specifies 3 different possible policy actions to assign to messages which fail DMARC checks. If you are new to publishing a DMARC policy, you should begin with a policy of Monitor only (p=None) so that you can collect and analyze data without affecting your email traffic.

  • None – (most lenient) Tells receivers to take no special action on failing messages, but send DMARC data to the specified reporting addresses.
  • Quarantine – (more strict) Tells receivers to place messages which fail DMARC into the recipient’s spam folder or other quarantined area where the message may be reviewed with suspicion.
  • Reject – (most strict) Tells receivers to reject any messages which fail DMARC and report on the action in DMARC data. Rejected messages will never be available to the recipient.
Do you want a different policy to be applied to Sub-domains?

i

By default, a domain’s DMARC policy applies to all of its sub-domains. DMARC allows you to apply a different policy to sub-domains if you wish; however, whichever sub-domain policy you specify will apply to all sub-domains. If you want a different policy for specific sub-domains, publish a DMARC record specifically for that sub-domain.

DMARC specifies 3 different possible policy actions to assign to messages which fail DMARC checks. If you are new to publishing a DMARC policy, you should begin with a policy of Monitor only (p=None) so that you can collect and analyze data without affecting your email traffic.

  • None – (most lenient) Tells receivers to take no special action on failing messages, but send DMARC data to the specified reporting addresses.
  • Quarantine – (more strict) Tells receivers to place messages which fail DMARC into the recipient’s spam folder or other quarantined area where the message may be reviewed with suspicion.
  • Reject – (most strict) Tells receivers to reject any messages which fail DMARC and report on the action in DMARC data. Rejected messages will never be available to the recipient.
Which DKIM Identifier alignment option should be used?

i

Relaxed alignment allows for the DKIM signing domain and header from domain to be sub-domains of each other. Strict alignment requires the two domains be an exact match.

Which SPF Identifier alignment option should be used?

i

Relaxed alignment allows for the DKIM signing domain and header from domain to be sub-domains of each other. Strict alignment requires the two domains be an exact match.

What Percentage of email do you want to apply this policy to?

i

The percentage of messages from the domain for which the policy will be applied. For example, if you specify a “reject” policy and 50%, then the reject policy will only be applied to a random 50% of the messages failing DMARC Authentication by the receiver.

Generate Failure Reports When

i

You can instruct DMARC receivers under which failure conditions you would like to receive forensic reports.

Which Report Format option should forensic reports be sent in?

i

While the DMARC specification allows both AFRF and IODEF formats for foresnix reports, currently the only format sent by DMARC receivers is AFRF.

How often should aggregate reports be sent?

i

While the DMARC specification allows you to request DMARC aggregate reports in different time intervals, in reality all current DMARC implementations only send reports in 24 hour increments.

Where do you want Aggregate Reports mailed to?

i

DMARC aggregate data about messages from this domain will be emailed to used email.

Where do you want Forensic Data to be mailed to?

i

Samples of messages failing either DMARC-SPF or DMARC-DKIM will be emailed to used email if the email receiver supports this feature of the DMARC specification.



Features of Our DMARC Record Generator

🪄 Free Tool

Our DMARC Record Generator is a free tool designed for easy setup and use.

⚙️ Customizable

Create a DMARC record that fits your domain’s specific needs with customizable options.

🛡️ Enhanced Email Security

Protect your domain from email spoofing and phishing attacks.

📊 Comprehensive Reporting

Learn from DMARC reports to improve your domain’s email security posture.

Protect your email and domain today by generating a DMARC record that aligns with your security needs. Our tool is designed to be intuitive and user-friendly, ensuring that you can easily create a DMARC record without needing to be an expert in email security.