Free tool
DMARC Record Generator
Answer a few questions and copy a valid DMARC TXT record — policy, subdomain policy, alignment, reporting addresses, and rollout percentage included. Then publish it at _dmarc.yourdomain.com.
Your DMARC record
v=DMARC1; p=reject;
Publish it
Create a TXT record at _dmarc.yourdomain.com with the value above. Verify it afterwards with the DMARC record checker.
Building a safe DMARC record
Choose your enforcement policy, add a reporting address, and the generator assembles a valid DMARC TXT record with the correct tag syntax. Each option maps to a real tag: p sets the main policy, sp overrides it for subdomains, rua collects aggregate reports, pct rolls the policy out gradually, and aspf/adkim control alignment strictness.
The safe rollout path
Don't jump straight to p=reject on a domain that sends real mail. Publish p=none with a rua address first, read a couple of weeks of reports, fix any legitimate senders that fail SPF or DKIM alignment, then escalate to quarantine and finally reject. Confirm each step with the DMARC checker.
Frequently asked questions
How do I publish a DMARC record?
Generate the record here, then add it as a TXT record in your DNS with the host/name set to _dmarc (so it resolves at _dmarc.yourdomain.com) and the value set to the generated string. DNS changes can take up to a few hours to propagate; verify with the DMARC record checker afterwards.
What policy should I start with?
Start at p=none with a reporting address (rua=) so you can see which sources send mail as your domain without affecting delivery. Once SPF and DKIM are aligned for all legitimate senders, move to p=quarantine, then p=reject for full protection.
Do I need a reporting address?
It's strongly recommended. The rua= aggregate-report address is how you learn which servers send mail using your domain, and it's essential for safely tightening the policy from none to reject without breaking legitimate mail.
What's the difference between relaxed and strict alignment?
Relaxed alignment (the default) allows subdomains to satisfy alignment — mail from sub.yourdomain.com aligns with yourdomain.com. Strict alignment requires an exact match. Most organizations use relaxed unless they have a specific reason to lock alignment down.
Related free tools
Record generators
SPF Record Generator
List the services that send your mail and copy a correct SPF record, with the enforcement qualifier set for you.
Awareness
Phishing Quiz
Realistic email, SMS, QR-code, voice and social scenarios. Guess phishing or legitimate, then see which red flags gave each one away.
Breach & exposure
Data Breach Checker
Enter a company domain to see if it's appeared in known data breaches and dark-web leaks — which breaches, when, and exactly what data was exposed.
DMARC closes the email door.
PhishEye closes the rest — lookalike domains, phishing sites, fake apps, and brand impersonation across every channel.