Free DMARC record generator

Build a DMARC record the safe way — start in monitor mode, see who's sending as your domain, then graduate to full enforcement without dropping a single legitimate email.

Your domain

Enforcement policy

Start at Monitor— see who's sending as you before you block anything.

Send reports to

Where mailbox providers send their daily aggregate reports. Separate multiple with commas.

Publish this record

Type

TXT

Host / name

_dmarc.<your-domain>

Value

v=DMARC1; p=none

Validation

weak

vDMARC version 1.

pMonitor-only — no enforcement. Receivers ignore alignment failures.

ruaNo `rua=` reporting address — you'll get no aggregate reports.

The safe rollout to enforcement

Monitor (p=none)

Publish p=none with a reporting address and change nothing else for 2–4 weeks. Reports show you every source sending as your domain — including the ones you forgot about.

Quarantine a slice (p=quarantine; pct=25)

Once your real senders pass SPF or DKIM aligned, quarantine 25% of failing mail. Watch reports for a week, then raise pct toward 100.

Quarantine all (p=quarantine)

Quarantine 100% of failing mail. Confirm nothing legitimate is landing in spam before the final step.

Reject (p=reject)

Tell receivers to reject unauthenticated mail outright — impersonation is blocked at the door. This is full protection.

Already publishing DMARC? Validate your current record — or feed your aggregate reports into DMARC visibility to see exactly who's sending as you and when it's safe to move to p=reject.

See pricing →

Keep hardening your email

Each record is one layer. Check the rest of yours — every tool is free, no account.

Scan all 8 at once →

SPF builder

Assemble a clean SPF record

SPF analyzer

Count your real DNS lookups

DMARC validator

Grade a record you have

DKIM validator

Check a DKIM key

BIMI check

Get your logo in inboxes

MTA-STS

Force TLS on inbound mail

TLS-RPT

Get TLS failure reports