DMARC helps prevent email spoofing and protects your domain's reputation. It's recommended by leading email providers and security experts.
✓ Ensure you have SPF records configured for your domain
✓ Set up DKIM signing for your outgoing emails
✓ Have access to modify your domain's DNS records
✓ Prepare email addresses for receiving DMARC reports
Other tools: SPF Record Generator | SPF Record Lookup | SPF Record Verification | DKIM Record Verification | DKIM Record Generator | DKIM Record Lookup | DMARC Record Lookup | DMARC Record Verification
Generate a DMARC record for your domain with customizable policy settings. DMARC helps protect your domain from email spoofing and phishing attacks.
DMARC prevents unauthorized use of your domain for phishing attacks and spam campaigns.
Receive detailed reports about emails sent using your domain and track authentication results.
Enhance email deliverability by proving to receivers that your emails are legitimate.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that helps protect your domain from email spoofing and phishing attacks. Below is a detailed explanation of each DMARC setting and how to use it effectively.
The "none" policy is recommended when starting with DMARC. It allows you to monitor email authentication results without affecting email delivery. Use this policy to understand your email ecosystem and identify legitimate email sources.
The "quarantine" policy tells receiving mail servers to treat suspicious emails with caution, typically by sending them to the spam folder. This is a good intermediate step after monitoring and before implementing a reject policy.
The strictest policy, "reject" instructs receiving mail servers to refuse delivery of emails that fail DMARC authentication. Only implement this after thoroughly testing with "none" and "quarantine" policies to avoid blocking legitimate emails.
The subdomain policy (sp=) allows you to set different DMARC policies for subdomains of your main domain. If not specified, subdomains inherit the main domain's policy. Consider setting a stricter policy for subdomains if they're not used for sending emails.
The percentage setting (pct=) defines what portion of your emails should be subject to DMARC filtering. Start with a low percentage (e.g., 10%) and gradually increase it to 100% as you gain confidence in your DMARC configuration. This helps minimize the risk of accidentally blocking legitimate emails during implementation.
Aggregate reports provide daily summaries of email authentication results. They include:
Forensic reports provide detailed information about individual authentication failures. These reports may contain sensitive information and should be sent to secure email addresses. They're useful for:
AFRF (Aggregate Failure Reporting Format) is the standard format for DMARC reports. IODEF (Incident Object Description Exchange Format) is an alternative used by some organizations for specific use cases.
The reporting interval specifies how often you want to receive DMARC reports, in seconds. The standard interval is 86400 seconds (24 hours). You can adjust this between 3600 seconds (1 hour) and 604800 seconds (7 days) based on your monitoring needs.
After generating your DMARC record, add it as a TXT record to your domain's DNS settings with the name "_dmarc". For example, if your domain is example.com, create a TXT record at _dmarc.example.com with the generated DMARC policy.
Note: Allow 24-48 hours for DNS changes to propagate fully. Monitor your email delivery during this period to ensure everything works as expected.