DNS Checker.eu

DMARC Record Generator

Build a valid DMARC TXT record in your browser: pick a policy, alignment mode and reporting addresses, then copy the finished string into your DNS zone. Nothing you type leaves your device.

Your DMARC record

Publish this as a TXT record on _dmarc.yourdomain:

v=DMARC1; p=none

About DMARC Record Generator

This generator assembles a specification-compliant DMARC record from a few plain-English choices, so you never have to memorise the tag syntax. As you select a policy and fill in reporting addresses it builds the v=DMARC1 string live and shows you exactly what to publish. Because it runs entirely client-side in your browser, the domain and email addresses you enter are never uploaded - a genuine benefit when those values would otherwise reveal your mail topology to a third party.

The policy (p) is the main decision. Start with none to observe without affecting delivery, then move to quarantine and finally reject as your reports confirm legitimate mail is passing. An optional subdomain policy (sp) lets you set a different, often stricter, rule for hosts that never send mail, so a forgotten subdomain cannot be abused.

Reporting and rollout options fill in the rest. The rua address receives aggregate reports and is what makes DMARC useful; ruf collects forensic samples where supported. The pct tag lets you apply enforcement to a percentage of mail for a gradual rollout, and the alignment selectors (adkim and aspf) choose relaxed or strict matching between the authenticated domain and the visible from address.

Once generated, publish the record as a DNS TXT entry on the host _dmarc followed by your domain. After it propagates, confirm it is live and correctly interpreted with our server-side DMARC Checker.

How to use it

  1. 1Choose a policy (p): begin with none to monitor, then tighten to quarantine or reject.
  2. 2Optionally set a subdomain policy (sp) and a rollout percentage (pct).
  3. 3Enter an aggregate report address (rua) and, if wanted, a forensic address (ruf).
  4. 4Pick DKIM and SPF alignment - relaxed or strict.
  5. 5Copy the generated record and publish it as a TXT record at _dmarc.yourdomain.

Common use cases

  • -Standing up DMARC for the first time without memorising tag syntax
  • -Generating a p=none monitoring record before moving to enforcement
  • -Producing a strict-alignment record for a high-value domain
  • -Creating a distinct, stricter policy for non-sending subdomains
  • -Drafting a record privately when the domain names involved are sensitive

Frequently asked questions

How do I create a DMARC record?
Choose a policy (none, quarantine or reject), add an aggregate report address (rua), set alignment, and publish the generated string as a TXT record at _dmarc.yourdomain. This generator assembles the correct v=DMARC1 syntax for you.
Where do I put the DMARC record?
Publish it as a DNS TXT record on the host _dmarc.<yourdomain>, for example _dmarc.example.eu. Use that exact host rather than the apex domain, or receivers will not find the policy.
Which policy should I start with?
Start with p=none, which monitors and reports without affecting delivery. Once aggregate reports confirm your legitimate mail passes, move to p=quarantine and then p=reject.
What is the difference between relaxed and strict alignment?
Relaxed alignment (r) allows a subdomain to match the organisational domain, while strict (s) requires an exact match. Relaxed is the safer default for most senders; strict is tighter but can break legitimate mail if not tested first.
Is the record generated privately?
Yes. The generator runs entirely in your browser, so the domain, policy and reporting addresses you enter stay on your device and are never sent to any server.
What does the pct tag do?
The pct tag sets the percentage of failing messages the policy is applied to, letting you roll out enforcement gradually, such as pct=25. Below 100 it is a phased deployment; at 100 the policy applies to all mail.