AI DMARC Record Generator

Design a custom DMARC policy for your domain. Tell receiving mail servers how to handle messages that fail authentication and where to send reports.

Domain Name (Optional)

Main Policy (p) What to do with failing emails?

None (Monitoring)

Collects reports without affecting email delivery.

Quarantine

Unauthenticated emails are sent to spam/junk folders.

Reject Recommended Secure

Unauthenticated emails are blocked outright.

Subdomain Policy (sp)

Optional. Useful if subdomains send different mail types.

Reporting Where to send reports?

Aggregate Reports (RUA)

Highly recommended to find out who is sending mail on your behalf. You will get daily XML reports here.

Forensic/Failure Reports (RUF)

Receive copies of emails that failed DMARC. Useful for debugging.

Advanced Alignment Rules

Percentage (pct) - Apply policy to 100% of emails

Slowly ramp up enforcement (e.g., set to 25% to only quarantine 1/4 of failing emails initially).

DKIM Alignment (adkim)

SPF Alignment (aspf)

"Strict" means the "From" domain must match the SPF/DKIM domains EXACTLY. "Relaxed" allows subdomains to match the root domain.

Disclaimer: This tool generates records based on your inputs for informational purposes. Always review and test DNS changes. We are not responsible for any email delivery issues arising from misconfigured records.

Understanding DMARC Policies

p=none (Monitor)

The starting point. Phishing emails using your domain will still be delivered, but you will receive reports showing exactly who is sending mail on your behalf.

p=quarantine

Emails failing DMARC checks are delivered to the recipient's spam or junk folder. This is a crucial middle step to test your configuration before full enforcement.

p=reject (Enforce)

Ultimate protection. Receiving servers will outright block and bounce any email that fails DMARC authentication, preventing it from ever reaching the inbox.