EmailAudit.io

DMARC Record Generator

Configure your DMARC policy, reporting addresses, and alignment settings. Your record is built in real time below.

Receive daily XML reports showing which emails passed and failed authentication. Strongly recommended.

mailto:

Receive per-message failure reports. Note: many providers have discontinued ruf reporting for privacy reasons.

mailto:
Generated Record· updates as you type
v=DMARC1; p=none

DNS Instructions

  • Record type: TXT
  • Host / Name: _dmarc (or _dmarc.yourdomain.com)
  • TTL: 3600 (1 hour)
  • • Start with p=none to collect reports before enforcing quarantine or reject.
Verify with DMARC Checker

Frequently Asked Questions

What DMARC policy should I start with?

Always start with p=none. This monitoring-only mode lets you receive aggregate reports showing which emails pass or fail authentication, without affecting mail delivery. Once you have reviewed the reports and confirmed all legitimate senders are passing, move to p=quarantine (spam folder), then finally to p=reject (block completely).

What is the rua tag in a DMARC record?

The rua tag specifies where aggregate DMARC reports are sent. These are XML files delivered daily by receiving mail servers, showing a summary of all emails sent from your domain and whether they passed SPF and DKIM. Setting rua is strongly recommended — without it, you have no visibility into your authentication results.

What is DMARC alignment and should I use relaxed or strict?

DMARC alignment determines how strictly the authenticated domain must match the From domain. Relaxed alignment (adkim=r; aspf=r) allows matching subdomains and is the default. Strict alignment (adkim=s; aspf=s) requires an exact match. Most organisations should use relaxed alignment — strict alignment can cause legitimate mail to fail if you use subdomains for sending.

What does the pct tag do in a DMARC record?

The pct (percentage) tag applies the DMARC policy to only that percentage of failing mail. For example, pct=20 with p=quarantine would send 20% of failing emails to spam and deliver the rest. It is useful for gradually rolling out quarantine or reject without risking legitimate mail being blocked. Default is pct=100.

Where does a DMARC record go in DNS?

A DMARC record must be published as a TXT record at _dmarc.yourdomain.com — the subdomain _dmarc directly under your domain. For example, if your domain is example.com, the record goes at _dmarc.example.com. The record starts with v=DMARC1 and must follow the correct semicolon-separated tag format.