DMARC Record Generator

How strict do you want your DMARC Policy to be?

None Quarantine Reject

Do you want a different policy to be applied to Sub-domains?

None Quarantine Reject

Which DKIM Identifier alignment option should be used?

Relaxed Strict

Which SPF Identifier alignment option should be used?

Relaxed Strict

What Percentage of email do you want to apply this policy to?

Generate Failure Reports When

All Checks Fails Any Check Fails

Which Report Format option should forensic reports be sent in?

AFRF IODEF

How often should aggregate reports be sent?

Where do you want Aggregate Reports mailed to?

Where do you want Forensic Data to be mailed to?

How strict do you want your DMARC Policy to be?	None Quarantine Reject ? DMARC specifies 3 different possible policy actions to assign to messages which fail DMARC checks. If you are new to publishing a DMARC policy, you should begin with a policy of Monitor only (p=None) so that you can collect and analyze data without affecting your email traffic. None – (most lenient) Tells receivers to take no special action on failing messages, but send DMARC data to the specified reporting addresses. Quarantine – (more strict) Tells receivers to place messages which fail DMARC into the recipient’s spam folder or other quarantined area where the message may be reviewed with suspicion. Reject – (most strict) Tells receivers to reject any messages which fail DMARC and report on the action in DMARC data. Rejected messages will never be available to the recipient.
Do you want a different policy to be applied to Sub-domains?	None Quarantine Reject ? By default, a domain’s DMARC policy applies to all of its sub-domains. DMARC allows you to apply a different policy to sub-domains if you wish; however, whichever sub-domain policy you specify will apply to all sub-domains. If you want a different policy for specific sub-domains, publish a DMARC record specifically for that sub-domain. DMARC specifies 3 different possible policy actions to assign to messages which fail DMARC checks. If you are new to publishing a DMARC policy, you should begin with a policy of Monitor only (p=None) so that you can collect and analyze data without affecting your email traffic. None – (most lenient) Tells receivers to take no special action on failing messages, but send DMARC data to the specified reporting addresses. Quarantine – (more strict) Tells receivers to place messages which fail DMARC into the recipient’s spam folder or other quarantined area where the message may be reviewed with suspicion. Reject – (most strict) Tells receivers to reject any messages which fail DMARC and report on the action in DMARC data. Rejected messages will never be available to the recipient.
Which DKIM Identifier alignment option should be used?	Relaxed Strict ? Relaxed alignment allows for the DKIM signing domain and header from domain to be sub-domains of each other. Strict alignment requires the two domains be an exact match.
Which SPF Identifier alignment option should be used?	Relaxed Strict ? Relaxed alignment allows for the DKIM signing domain and header from domain to be sub-domains of each other. Strict alignment requires the two domains be an exact match.
What Percentage of email do you want to apply this policy to?	? The percentage of messages from the domain for which the policy will be applied. For example, if you specify a “reject” policy and 50%, then the reject policy will only be applied to a random 50% of the messages failing DMARC Authentication by the receiver.
Generate Failure Reports When	All Checks Fails Any Check Fails ? You can instruct DMARC receivers under which failure conditions you would like to receive forensic reports.
Which Report Format option should forensic reports be sent in?	AFRF IODEF ? While the DMARC specification allows both AFRF and IODEF formats for foresnix reports, currently the only format sent by DMARC receivers is AFRF.
How often should aggregate reports be sent?	? While the DMARC specification allows you to request DMARC aggregate reports in different time intervals, in reality all current DMARC implementations only send reports in 24 hour increments.
Where do you want Aggregate Reports mailed to?	mailto: ? DMARC aggregate data about messages from this domain will be emailed to used email.
Where do you want Forensic Data to be mailed to?	mailto: ? Samples of messages failing either DMARC-SPF or DMARC-DKIM will be emailed to used email if the email receiver supports this feature of the DMARC specification.