🛡️ DMARC Record Generator: Stop Email Spoofing in 60 Seconds
Published May 2, 2026 · 4 min read · Try DMARC Generator →
Email spoofing is the #1 phishing vector. Anyone can send an email that looks like it came from your domain — unless you have DMARC. In this guide, you'll learn what DMARC is, how it works with SPF and DKIM, and how to generate a DMARC record in 60 seconds using our free tool.
What Is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that tells receiving servers what to do when an email fails SPF or DKIM checks. It's the policy layer on top of SPF and DKIM — without DMARC, you're relying on receiving servers to guess what to do with unauthenticated mail.
Why You Need DMARC Right Now
- Stop domain spoofing — Prevent attackers from sending phishing emails that appear to come from your company.
- Protect brand reputation — Spoofed emails damage customer trust and can land your domain on blacklists.
- Required for BIMI — Want your logo in Gmail inboxes? You need DMARC at
p=quarantineorp=reject. - Google & Yahoo mandate it — Starting 2024, bulk senders (5,000+ emails/day) must have DMARC. Even if you send less, DMARC is a deliverability signal.
- Visibility — DMARC reports show you who's sending mail on your behalf — legitimate and illegitimate.
The Three DMARC Policies
| Policy | What It Does | When to Use |
|---|---|---|
p=none |
Monitor only — no action taken on failures | First deployment, collecting data |
p=quarantine |
Send failing mail to spam/junk | Testing phase, partial enforcement |
p=reject |
Block failing mail entirely | Full protection (final goal) |
How to Generate a DMARC Record (3 Steps)
Step 1: Set your policy — start with p=none and an email for aggregate reports.
Step 2: Use our free DMARC Generator — enter your domain, choose your policy, and get a ready-to-paste DNS record.
Step 3: Add the record to your DNS as a TXT record on _dmarc.yourdomain.com.
Example DMARC Record
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc@yourdomain.com; pct=100; sp=none; aspf=r; adkim=r;DMARC + SPF + DKIM: The Triple Lock
DMARC only works when combined with SPF and DKIM. Think of it as a three-layer authentication system:
- SPF — Authorizes which servers can send mail from your domain.
- DKIM — Cryptographically signs emails so they can't be tampered with.
- DMARC — Tells receiving servers what to do when SPF or DKIM fail.
Miss any one of these, and your DMARC enforcement won't work. Check your domain's email configuration now →
Common DMARC Mistakes
- ❌ Setting
p=rejectbefore testing withp=none - ❌ Forgetting to add
rua(aggregate reports) — you're flying blind - ❌ Not aligning SPF and DKIM identifiers with the From: domain
- ❌ Adding DMARC but leaving SPF/DKIM broken
Generate Your DMARC Record Now
Don't leave your domain open to spoofing attacks. Generate a DMARC record in seconds with our free tool — no signup, no email required, copy-paste to your DNS.
Free · No signup · Crypto-native · Instant results