MailParse/Tools/DMARC Record Generator
Email Authentication

DMARC Record Generator

A DMARC record is a DNS TXT entry that tells email receivers how to handle messages that fail SPF and DKIM authentication checks for your domain. Use this generator to build a valid DMARC record you can add to your DNS settings.

DMARC works alongside SPF and DKIM to protect your domain from spoofing. After generating your record, use the Email Header Analyzer to verify your authentication results. MailParse validates DMARC on every inbound email automatically.

Configure your DMARC record

Fill in the fields below to generate a DMARC TXT record.

Receives daily XML summaries of DMARC results. Separate multiple addresses with commas.

Receives detailed reports for individual DMARC failures. Not all providers support this.

How to generate a DMARC record

Step 1

Enter your domain and preferences

Type your domain name, choose a DMARC policy, and configure reporting emails, alignment settings, and rollout percentage.

Step 2

Copy the generated record

The tool builds a complete DMARC TXT record value. Click the copy button to copy it to your clipboard.

Step 3

Add the TXT record to your DNS

In your DNS provider, create a TXT record with name _dmarc and paste the generated value. Allow up to 48 hours for full DNS propagation.

Frequently asked questions

What is a DMARC record?

A DMARC record is a DNS TXT entry published at _dmarc.yourdomain.com that tells receiving mail servers how to handle emails that fail SPF and DKIM authentication. It specifies a policy (none, quarantine, or reject) and optionally includes addresses for aggregate and forensic reports.

How do I add a DMARC record to my DNS?

Log in to your DNS provider, create a new TXT record with the host/name set to _dmarc (or _dmarc.yourdomain.com depending on your provider), and paste the generated DMARC value as the record content. Changes usually propagate within minutes to a few hours.

Should I start with p=none or p=reject?

Start with p=none so you can monitor aggregate reports and identify all legitimate email sources for your domain. Once you confirm that SPF and DKIM are correctly configured for every sender, move to p=quarantine, and finally p=reject for full protection.

What is the difference between rua and ruf in DMARC?

The rua tag specifies where aggregate (summary) reports are sent, typically daily XML files showing pass/fail statistics. The ruf tag specifies where forensic (failure) reports are sent, which contain details about individual messages that failed DMARC. Not all providers send forensic reports.

What do relaxed and strict alignment mean?

Relaxed alignment (the default) allows the domain in SPF or DKIM to be a subdomain of the From header domain. Strict alignment requires an exact match. Relaxed is recommended for most setups because many legitimate email services sign with subdomains.

Related tools

SPF Record Checker

Validate SPF syntax, lookup count, and common record mistakes to keep your email authentication aligned.

DKIM Checker

Look up DKIM selector records, parse tags, validate key strength, and surface fixes for broken DKIM setups.

Email Header Analyzer

Paste raw headers to inspect SPF, DKIM, and DMARC results on a real message and trace message hops.

Need DMARC validation on every inbound email?

MailParse captures headers, authentication results, MIME structure, and webhook-ready JSON so you can debug deliverability without manual DNS lookups.

Get Started FreeLearn more about MailParse