Create a valid DNS TXT record for your domain in seconds. Choose your policy, add a reporting address, and copy the result directly into your DNS, no account required.
Please publish the following DNS TXT Record on the subdomain _dmarc.YOURDOMAIN.com
TXT_dmarcv=DMARC1; p=none; fo=1Add an aggregate (rua) address to start receiving reports, the point of p=none is to collect data before enforcing.
The DMARC Record Generator builds a syntactically correct DNS TXT record for _dmarc.yourdomain.com. You choose enforcement policy, reporting addresses, alignment modes, and RFC 9989 tags, then copy a ready-to-publish value into your DNS.
DMARC tells mailbox providers what to do when SPF or DKIM fail for mail using your domain, and where to send aggregate reports about authentication results.
Define how receivers handle unauthenticated mail claiming to be from your domain.
Aggregate (rua) reports show every source sending as your domain, legitimate or not.
Supports modern tags like np, t, and psd for safer gradual enforcement.
Get the exact Host and TXT Value to paste into any DNS provider.
Select p=none to monitor, quarantine for soft enforcement, or reject to block failing mail.
Enter rua for daily aggregate reports. Optionally add ruf for forensic failure reports.
Set subdomain (sp), non-existent subdomain (np), testing mode (t), and alignment (adkim/aspf).
Paste the Host (_dmarc) and Value into your DNS provider, then verify with the DMARC Checker.
The generator updates in real time as you change options. Review the tag breakdown to confirm each value before publishing.
Informational tips such as adding rua or explaining testing mode, not errors.
Important notices like p=none being monitor-only or missing rua configuration.
Shown in the tag breakdown when enforcement is active, confirm all senders are aligned first.
Monitoring mode, mail is not blocked. Use this to collect data before tightening policy.
Publish at _dmarc, most DNS panels append your domain automatically.
The full DMARC TXT string starting with v=DMARC1.
Explains each tag in the generated record with RFC 9989 status badges.
Root, existing subdomain, and non-existent subdomain policies.
Where aggregate and forensic DMARC reports are delivered.
Monitor for 1-2 weeks with rua configured before moving to quarantine or reject.
Without aggregate reports you cannot see misaligned senders or fix authentication gaps.
Begin with adkim=r and aspf=r to avoid breaking forwarded mail, then tighten gradually.
Use the DMARC Checker to confirm the record is live and syntactically valid in DNS.
It builds a valid DMARC DNS TXT record from your chosen policy and options, so you avoid syntax errors when publishing to DNS.
A common monitor-only record: v=DMARC1; p=none; rua=mailto:reports@yourdomain.com; adkim=r; aspf=r; fo=1;
Always start with p=none. Review aggregate reports, fix SPF/DKIM for all legitimate senders, then move to quarantine and finally reject.
np (RFC 9989) sets policy for subdomains that have never sent mail, useful to block typosquatting on unused subdomain names.
t=y asks receivers to apply a softer policy during rollout. Remove it once you are ready for full enforcement.
rua (aggregate) is strongly recommended. ruf (forensic) is optional and can generate high volume, many teams skip it initially.
RFC 9989 deprecates pct in favor of t=y for gradual rollout. Use testing mode instead of partial percentage enforcement.
SenderSignal monitors these signals continuously: 48 blacklists, SPF, DKIM, DMARC, TLS and more, with alerts in Slack, email and signed webhooks.