Create Your DMARC Record
Quickly generate a DMARC record and apply it to your DNS with ease.
🤯 Setting Up DMARC Is Confusing—We’ll Just Do It For You
Want to skip the hassle? Book a one-time DMARC Setup Call
- ✅ Full setup by an expert
- ✅ No ongoing tools or dashboards required
- ✅ One-and-done—configured correctly from the start
To view this YouTube video, please accept cookies.
Why DIY Can Be a Nightmare
Let's face it — setting up a DMARC record is confusing, error-prone, and downright frustrating.
- ❌ One typo = broken email delivery
- You get raw XML reports made for machines
- ❌ Tons of cryptic tags:
p=quarantine,aspf=s,fo=1… what do they even mean? - ❌ No alerts, no visibility—until something goes wrong
- ❌ DNS formatting is unforgiving — and there's no undo
Want it done right the first time? - Get help from a real person. One-time, no subscription.
What Is a DMARC Record?
A DMARC (Domain-based Message Authentication, Reporting & Conformance) record is a simple text (TXT) entry you add to your domain's DNS settings. It tells mail servers how to handle emails that fail authentication checks like SPF or DKIM.
In plain terms: it's a policy that helps stop spoofing, phishing, and unauthorized email use by telling other servers what to do with suspicious messages—reject, quarantine, or allow them.
🔧 Example DMARC Record:
v=DMARC1; p=none; rua=mailto:app@dmarcflow.com- v=DMARC1: Version
- p=none: Policy (none = take no action)
- rua: Email address where reports should be sent
Without a DMARC record, your domain may still work — but you'll have no visibility into who's using it, no alerts when spoofing happens, and no control over email abuse.
With a DMARC record in place, you get:
- ✔️ Better email security
- ✔️ Insight into unauthorized activity
- ✔️ Stronger trust from mail providers and customers
Frequently Asked Questions
Frequently Asked Questions
DMARCFlow's DMARC Record Generator allows you to create a valid DMARC Record in a few clicks. The generated syntax will meet all your specifications and be ready to publish in your DNS.
Once the record has been generated, copy it and go to your domain's DNS zone. Add a new TXT or CNAME record, then paste the provided DMARC record. Note: Most DNS providers (e.g. GoDaddy) automatically include the domain name in the Host/Name field, so you only need to enter _dmarc.
TXT is the accepted DMARC record format if you're dealing with it manually. When using DMARCFlow's Managed DMARC solution, the type of DMARC record that should be added to the DNS is a CNAME record. A CNAME (canonical name) record is a DNS record that can create an alias for the domain and allow traffic for the domain name to be redirected elsewhere.
Domain alignment is the core DMARC concept. Alignment happens when the domain name in the email's 'From' header matches the sender's email domain. As a result, DMARC passes, indicating that it was a legitimate email. DMARC domain alignment helps protect against spoofing, impersonation attacks, business email compromise, and phishing.
Subdomains inherit DMARC settings from the parent domain unless specified otherwise. For example, if the parent domain has a ‘reject' policy, the subdomain will inherit it. However, if you configure the subdomain separately, the system will not override your manual DMARC settings.
You can add the record, but it won't function properly. DMARC is based on SPF and DKIM. For it to pass, an email must pass SPF authentication and SPF alignment and/or DKIM authentication and DKIM alignment. If both are missing, DMARC will fail.