Create your DMARC email security record in 5 minutes. No coding required — just answer a few questions and copy-paste the result.
Protect your domain from email spoofing and phishing with our beginner-friendly DMARC record builder. Real-time validation ensures your record is correct before deployment. View specs
DMARC (Domain-based Message Authentication, Reporting, and Conformance) protects your domain from email spoofing — when scammers send emails pretending to be you.
It tells email providers like Gmail, Outlook, and Yahoo how to handle suspicious emails claiming to be from your domain. Think of it as an ID check for your emails.
Why you need it: Without DMARC, anyone can send emails that appear to come from your domain, damaging your reputation and tricking your customers. DMARC prevents this by authenticating legitimate emails and blocking fake ones.
No technical skills required. Our DMARC generator uses a simple question-and-answer format. Just select your preferences, and we'll create the DNS record for you. The entire process takes about 5 minutes.
No. We recommend starting with policy "none" which only monitors your email without affecting delivery. You can gradually increase protection to "quarantine" or "reject" after reviewing your reports for a few weeks.
Policy "none" monitors email activity without blocking anything (recommended for beginners). Policy "quarantine" sends suspicious emails to spam folders. Policy "reject" blocks suspicious emails entirely. Always start with "none" and progress based on your reports.
Creating your DMARC record takes about 5 minutes. After adding it to your DNS (usually through your domain registrar like GoDaddy or Cloudflare), allow 5-30 minutes for DNS propagation. You'll start receiving reports within 24-48 hours.
Yes, completely free with no hidden costs. No registration required, no credit card needed. Generate unlimited DMARC records for all your domains.
Yes. Even with trusted email providers, DMARC protects your domain from spoofing and phishing. Gmail and Microsoft 365 both support DMARC and recommend its implementation for all domains sending email.
Yes, you can update your DMARC policy anytime. Simply generate a new record with our tool and update the TXT record in your DNS settings. Changes take effect within 5-30 minutes after DNS propagation.
Our generator validates your DMARC record in real-time to prevent syntax errors. If you need to make changes after deployment, simply update the TXT record in your DNS settings with a new record from our generator. No harm done!
Enter the domain name you send emails from (like example.com). This personalizes the instructions and helps validate your DMARC configuration.
International domains are supported (e.g., münchen.de)
For beginners: Start with "none" to monitor email activity without blocking anything. After a few weeks of monitoring, you can increase protection to "quarantine" or "reject." Learn more
Controls how subdomains (like mail.example.com) are handled. If not set, subdomains follow the same policy as your main domain. Learn more
DKIM alignment: How strictly to check if the email signature matches your domain. "Relaxed" allows subdomains (recommended for most users), while "Strict" requires exact matches. Learn more
SPF alignment: How strictly to check if the sending server is authorized. "Relaxed" is recommended for most users, allowing flexibility with subdomains. Learn more
Daily summary emails: Enter email addresses to receive daily reports showing who is sending emails from your domain. Use commas to add multiple addresses (e.g., [email protected], [email protected]). Learn more
Detailed failure alerts: Email addresses to receive detailed reports when authentication fails. Note: Most email providers don't send these reports, so they're optional and rarely needed. Learn more
When to send detailed alerts: Choose when you want to receive detailed failure reports. The default option (0) is recommended for most users. Learn more
Note about deprecated fields: The DMARC specification includes three deprecated fields (pct, ri, rf) that are being removed in DMARCbis. We don't include these in the generator as they're no longer recommended for new implementations.
_dmarc
⚠️ Important: The record must be created at _dmarc.[your-domain],
not at the root domain. The underscore prefix is required.
This tool creates valid DNS records in seconds. No complex syntax to learn — configure your policy using the intuitive interface and get a production‑ready DMARC record.
Every DMARC record is validated against RFC 7489. The builder checks for syntax errors and warns about potential configuration issues before deployment.
Use this tool completely free without creating an account. Generate unlimited DMARC records for all your domains with no restrictions or hidden fees.
Get step-by-step instructions for deploying your generated DMARC record across popular DNS providers. Includes best practices and troubleshooting tips from email security experts.
You’ve created your record. Now verify it’s deployed correctly with our free DMARC checker.
Check Your DMARC Configuration