Free DMARC Generator

Generate your DMARC record

Choose your policy and reporting options and we’ll build a valid DMARC TXT record for _dmarc.yourdomain.com — with safe defaults so you start monitoring without blocking real mail.

Your domain

Policy (p)

Subdomain policy (sp)

Aggregate reports (rua)

Forensic reports (ruf, optional)

Percentage (pct)

DKIM alignment (adkim)

SPF alignment (aspf)

Add this DNS record

Type: TXT
Host / Name: _dmarc.yourdomain.com

Value

v=DMARC1; p=none

nonethe safe DMARC policy to start with — monitor first, then tighten to quarantine or reject.

Why DMARC is worth generating carefully

DMARC is what actually stops attackers from spoofing your domain, and Google and Yahoo now require it for bulk senders. It’s also the record most likely to hurt you if you rush it.

The policy you choose decides whether failing mail is monitored, quarantined, or rejected — so the difference between a safe rollout and silently deleting your own invoices comes down to a single field.

The mistakes a generator prevents

The classic error is jumping straight to p=reject before confirming SPF and DKIM align for every legitimate sender — which sends your own mail to the void. The other is publishing a record with no rua address, so you’re enforcing blind with no reports to learn from.

This generator defaults to a safe p=none with reporting enabled, and assembles the syntax correctly so a stray semicolon doesn’t silently invalidate the whole record.

Jump straight to p=reject before SPF and DKIM align and you’ll send your own legitimate mail to the void. Start at p=none.

How Zeqo helps you enforce safely

DMARC is a journey from monitoring to enforcement, and the aggregate reports are how you know when it’s safe to tighten the policy. Reading raw XML reports by hand is miserable.

Zeqo Mail ingests your DMARC reports, shows in plain English who’s sending as your domain, and watches your record so it’s never duplicated, weakened, or removed.

Start monitoring free →

More free tools

Email Deliverability Checker

Check SPF, DKIM, DMARC, blacklists and MX in one go.

SPF Checker

Validate SPF and catch the 10-lookup PermError trap.

DKIM Checker

Verify DKIM signing on the right provider selector.

DMARC Checker

Check DMARC policy strength and the duplicate-record trap.

Blacklist Check

See if your sending IP is on major email blacklists.

Email Deliverability Test

Run a full inbox-readiness test and get one clear verdict.

SPF Record Generator

Build a valid SPF record from your sending sources.

Frequently asked questions

How do I create a DMARC record?+

Publish a TXT record at _dmarc.yourdomain.com starting with v=DMARC1, a policy (p=none, quarantine, or reject), and ideally a rua= address for aggregate reports. This generator assembles the full record for you.

What DMARC policy should I start with?+

Start with p=none to monitor without affecting delivery. Once your aggregate reports show SPF and DKIM passing for legitimate mail, move to p=quarantine, then p=reject.

What is rua in a DMARC record?+

rua is the address that receives daily aggregate reports about who is sending mail as your domain. It’s how you confirm everything is aligned before you enforce.

Where do I publish the DMARC record?+

As a TXT record at the host _dmarc.yourdomain.com — not on the apex domain itself.

Keep reading

8 min read

DMARC Reports Explained: How to Read Them and Fix What They Reveal

Set up DMARC and the reports start rolling in — as unreadable XML. What they actually tell you, and how to use them to lock down your domain.

8 min read

SPF, DKIM & DMARC Explained: A Plain-English Guide for Founders

The three DNS records that decide whether your email lands in the inbox — explained without the jargon, plus how to check yours in 30 seconds.