DMARC Builder
Build a valid DMARC TXT record to protect your domain from email spoofing. Configure policy, reporting, alignment, and subdomain handling.
Try DMARC Builder →What It Does
The DMARC (Domain-based Message Authentication, Reporting & Conformance) Builder generates a valid DMARC TXT record for your domain. DMARC tells receiving mail servers what to do with email that fails SPF or DKIM checks — monitor it, quarantine it, or reject it outright.How to Use It
- Navigate to DNS Tools → DMARC Builder from the top menu.
- Enter your domain name.
- Select a domain policy (none, quarantine, or reject).
- Optionally set a subdomain policy if different from the main domain.
- Set the percentage of failing email the policy applies to (use less than 100% for gradual rollout).
- Enter an email address for aggregate reports (rua) — strongly recommended.
- Optionally enter an address for forensic reports (ruf).
- Choose DKIM and SPF alignment mode (relaxed or strict).
- Click Generate DMARC Record.
- Copy the record and publish it as a TXT record at
_dmarc.yourdomain.com.
Recommended Rollout Strategy
- Start with p=none: Monitor for 2-4 weeks. Review aggregate reports to identify all legitimate senders.
- Move to p=quarantine at 10%: Gradually increase the percentage as you confirm legitimate mail passes.
- Increase to p=quarantine at 100%: All failing email goes to spam.
- Final: p=reject: Unauthorized email is blocked entirely. This is the target state.
Use Cases
- Anti-spoofing: Prevent attackers from sending email that appears to come from your domain.
- Email deliverability: DMARC helps legitimate email reach inboxes by proving domain ownership.
- Compliance: DMARC is required by many regulatory frameworks and email providers (Google, Yahoo require it since 2024).
- Visibility: Aggregate reports show who is sending email as your domain — both legitimate and fraudulent.