DMARC Record Generator

Blacklist Checker

Generate a DMARC Record for your domain with the ExactVerify easy-to-use DMARC Record Generator Tool. Create a valid DMARC record in seconds and add it to your DNS to monitor email activity, prevent spoofing, and protect your domain from unauthorized use. Improve email authentication and visibility with a properly configured DMARC policy. Start generating your DMARC record now.

Anti-Spoofing

Email Authentication

Domain Protection


Advanced Configuration (Optional)

Fine-tune your DMARC setup with:

What Is a DMARC Record?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a policy that helps prevent email spoofing, phishing, and email threats. It enables domain owners to specify how email from their domain should be managed if it fails authentication checks, such as SPF (Sender Policy Framework) or DKIM (DomainKeys Identified Mail).

A DMARC record is a DNS TXT record that works with SPF and DKIM to authenticate emails sent from your domain. By publishing a DMARC record, domain owners can prevent unauthorized use of their domain, improve email deliverability, and receive reports on email activity to monitor potential security threats.

DMARC Record Checker

How Does a DMARC Record Work?

To implement DMARC, an email domain must have SPF (Sender Policy Framework) or DKIM (DomainKeys Identified Mail) configured, along with a published DMARC record in the domain’s DNS. The DMARC record contains authentication rules that recipient mail servers use to determine how to process incoming emails.

Step 1: Publish a DMARC Record

The domain owner publishes a DMARC DNS record through their hosting provider, setting the authentication rules and making them visible to mail servers worldwide.

DMARC Record Generator working process illustration

Step 2: Recipient Server Checks for a DMARC Record

When an email arrives, the recipient’s mail server checks the sender’s domain to see if a DMARC record exists.

DMARC Policy Generator working process illustration

Step 3: Perform SPF and DKIM Authentication

The server then verifies the email using SPF and DKIM:

  • SPF (Sender Policy Framework): Verifies that the IP address sending the message is approved by your domain’s policies.
  • DKIM (DomainKeys Identified Mail): Validates the email’s digital signature against the domain’s public key to ensure the message hasn’t been altered in transit. Once these checks are complete, DMARC ensures the results align with the sender’s domain policy before deciding whether to deliver, quarantine, or reject the email.

Generate SPF record    
DMARC Record Creator working process illustration

Step 4: Apply the DMARC Policy

Based on the authentication results, the recipient server follows the DMARC policy: None, Quarantine, or Reject.

DMARC DNS Record Generator working process illustration

Step 5: Reporting Back to the Domain Owner

Finally, aggregate and forensic reports are sent to the email addresses mentioned in the DMARC record, helping domain owners monitor usage, track email activity, and identify spoofing attempts.

DMARC Record Builder working process illustration

How To Use the ExactVerify DMARC Record Generator

The ExactVerify DMARC Record Generator streamlines this process, enabling you to quickly generate a valid DMARC TXT record in just a few steps, thereby ensuring robust email security and improved deliverability.

Step-by-Step Guide To Generate a DMARC Record From DMARC Record Creator

Use the DMARC record generator to create a DMARC Record in simple steps outlined below:

1. Enter Your Domain

Type in the domain you want to protect (e.g., yourdomain.com).

Guide to generating a DMARC DNS record
Step-by-step guide to create a DMARC record for your domain

2. Select Your DMARC Policy

Policy (p): Choose how strict you want email authentication to be:

  • None (monitor only): Track email activity without blocking messages.
  • Quarantine: Send suspicious emails to spam or junk folders.
  • Reject: Block unauthenticated emails completely.

Subdomain Policy (sp): Control how subdomains (like mail.yourdomain.com) are handled.

3. Add Report Emails

Aggregate Reports (RUA):
Daily reports with SPF, DKIM, and DMARC results.

Forensic Reports (RUF):
Real-time forensic reports when an email fails authentication.

Step-by-step guide for DMARC Record Generator Aggregate Reports (RUA)
Guide for Free DMARC Record Generator Alignment Modes

4. Alignment Modes:

  • DKIM Alignment (adkim): Relaxed (r) (recommended for most) or Strict (s) (for high-security domains).
  • SPF Alignment (aspf): Relaxed (r) (recommended for most) or Strict (s) (for high-security domains).

5. Reporting Percentage (pct):

Apply policy to 100% of emails (default) or test with a lower percentage.

Free DMARC Record Generator Reporting Percentage (pct)
Step-by-step guide for DMARC Record Builder Report Interval (ri)

6. Reporting Interval (ri):

The default interval is 24 hours (86,400 seconds).

7. Failure Option (fo):

Specifies when forensic reports are generated based on SPF or DKIM failures.

Step-by-step guide for DMARC Record Builder Failure Options (fo)
DMARC TXT Record Generator – Step-by-step guide to generate

8. Generate Your DMARC Record

Click Generate to create your DMARC TXT record instantly.

9. Publish in Your DNS

Add the record to your DNS:

  • Hostname: _dmarc
  • Type: TXT
  • Value: Paste the generated DMARC record

Propagation may take 24–48 hours, depending on your DNS provider.

Generate DMARC DNS Record – Step-by-step guide to generate

Understanding DMARC Tags in a Generated DMARC Record

A DMARC record is a plain-text string containing specific tags that define your email authentication policy. The DMARC Record Creator simplifies this by generating this string for you. Below is an overview of the most common DMARC tags:

Tag Purpose Description
v Protocol Version Identifier Must be set to "DMARC1". This tag signals that the record is a valid DMARC policy.
p Domain Policy Defines the action for emails failing DMARC checks: "none" (monitor only), "quarantine" (send to spam), or "reject" (block delivery).
rua Aggregate Report URI Specifies the email address to receive daily aggregate reports in XML format, providing overall email traffic statistics.
ruf Failure Report URI Specifies the email address to receive forensic (failure) reports for individual authentication failures.
sp Subdomain Policy Sets the DMARC policy specifically for subdomains (e.g., blog.yourdomain.com).
adkim DKIM Alignment Mode

Sets DKIM identifier alignment: "r" (relaxed, default) or "s" (strict).

For example, mail.example.com aligns with example.com

aspf SPF Alignment Mode

Sets SPF identifier alignment: "r" (relaxed, default) or "s" (strict).

For example, example.com must match example.com precisely.

fo Failure Reporting Options Controls conditions triggering forensic reports: e.g., "1" for any failure, "0" for all failures.
pct Policy Application Percentage Percentage (0–100) of emails the DMARC policy should apply to; useful for phased rollouts.
ri Aggregate Report Interval Frequency (in seconds) for receiving aggregate reports; default is 86400 (24 hours).

Example of a DMARC record:

v=DMARC1; p=none; sp=none; pct=100; rua=mailto:dmarc_reports@yourdomain.com; ruf=mailto:dmarc_reports@yourdomain.com; ri=86400; aspf=r; adkim=r;

Our Other Useful Email Tools

Free Email Verification

Free SPF Record Generator

Create SPF records to prevent email spoofing
Free DKIM Generator

Free DKIM Generator

Generate DKIM records for email authentication
Free Blacklist Checker

Free Blacklist Checker

Check if your domain is blacklisted

Frequently Asked Questions

A DMARC policy instructs receiving mail servers on how to manage emails that fail SPF and DKIM authentication. It helps protect your domain from spoofing and phishing, ensuring only legitimate emails reach your recipients.

After publishing your DMARC record, monitor its performance through aggregate reports. These reports indicate which emails pass or fail authentication, enabling you to detect and address potential spoofing attempts.

Yes. DMARC relies on SPF and DKIM to verify the authenticity of emails. Ensure both SPF and DKIM are properly configured before implementing DMARC to prevent legitimate emails from being blocked. Try ExactVerify DKIM Record Generator to generate DKIM records easily and secure your email authentication.

  • None: Monitor email activity and receive reports without affecting email delivery.
  • Quarantine: Send emails that fail authentication to recipients' spam or junk folders.
  • Reject: Completely block unauthorized emails from being delivered.

Add the generated DMARC record as a TXT record in your domain’s DNS settings. Use _dmarc as the Hostname (or dmarc.yourdomain.com, depending on your DNS provider), and paste the generated record into the value field.

DNS changes usually take 24–48 hours to propagate. Once propagation is complete, receiving servers will enforce your DMARC policy, and reporting will begin.

Yes. Even if your domain doesn’t send emails, having a DMARC record helps prevent attackers from spoofing your domain, protecting your brand and your email recipients from phishing attacks.

Manually creating a DMARC record can be complex, and even minor errors may cause it to fail. The ExactVerify DMARC Generator ensures your record is correctly formatted, reducing errors and helping you protect your domain more efficiently.
FAQ for ExactVerify's Free Email Validation Checker

Cookies Consent

We want you to have the best possible user experience on our website. We use cookies to analyze how visitors like you use our website, so we can make improvements. And we use cookies to make sure that the website functions normally. For more info, see our privacy policy.