Free DMARC Record Generator
Create a DMARC TXT record in seconds. No technical knowledge required. Answer a few plain-language questions and copy your record straight into DNS.
We'll add it to your record so you receive daily reports on who's sending email as your domain.
Policy
Emails deliver normally. You just receive reports. Best if you're just getting started.
Your DMARC Record
Add as a TXT record at _dmarc.yourdomain.com
v=DMARC1; p=none
How to add this to DNS
- Log in to your DNS provider (Cloudflare, GoDaddy, Namecheap, etc.)
- Create a new TXT record - Host: _dmarc, Value: the record above
- Save. Changes usually take effect within 30–60 minutes.
Want to automate your email deliverability?
SendScale handles email warm-up, authentication monitoring, and outbound campaigns - so your emails land in the inbox.
Try SendScale freeMore free tools
What is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It is a DNS record that tells receiving mail servers (like Gmail and Outlook) what to do when someone sends an email claiming to be from your domain but failing authentication checks. Think of it as the enforcement layer on top of SPF and DKIM.
Without DMARC, anyone can send email that appears to come from your domain. That means phishers can impersonate your brand, harm your reputation, and put your customers at risk. DMARC stops that and gives you visibility into who is sending as your domain in the process.
Why DMARC matters for email deliverability
Major inbox providers (including Google, Microsoft, and Yahoo) use DMARC as a trust signal. Since February 2024, Google and Yahoo require bulk senders to have DMARC in place, or risk having their mail rejected. A properly configured DMARC record also reduces the chance of your domain being used in phishing campaigns, which can tank your sender reputation across the board.
For cold outreach and transactional email, DMARC combined with SPF and DKIM is the baseline for inbox placement. Without it, you are leaving deliverability to chance.
The three DMARC policies explained
p=none (Monitor mode)
Emails are delivered normally regardless of whether they pass or fail. You receive daily reports showing who is sending mail as your domain. This is the right place to start: collect data, identify all your legitimate sending sources, and fix any problems before tightening the policy.
p=quarantine (Soft enforcement)
Emails that fail authentication are sent to the spam or junk folder. Move to this policy once your DMARC reports show that all legitimate mail passes. This gives you meaningful protection while still allowing occasional misconfigurations to reach recipients (in spam, not rejected).
p=reject (Full enforcement)
Emails that fail authentication are rejected outright and never delivered. This is the strongest protection and the goal for most domains. Only move here once you are fully confident all legitimate mail passes SPF and DKIM alignment, because misconfigured legitimate mail will be silently dropped.
How to verify your DMARC record is working
After adding the record to DNS, allow 30–60 minutes for propagation and then check it using our free Email Domain Checker. It will confirm your DMARC record is present, show the parsed values, and flag any issues. Once you start receiving aggregate reports (usually within 24–48 hours), review them to make sure all your legitimate sending is passing before tightening your policy.
Frequently Asked Questions
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a DNS TXT record that tells receiving mail servers what to do when an email claiming to be from your domain fails authentication checks. It builds on SPF and DKIM to protect your domain from spoofing and phishing.