Free Tool

DMARC Record Generator

DMARC takes 5 minutes to set up — but most brands stay at p=none for months and never see the reports. Generate a properly configured DMARC record with reporting enabled, and understand exactly what each setting means before you publish it.

Your domain

DMARC Policy (p=)

What should receiving servers do with emails that fail DMARC?

p=none Monitor only — no action taken. Good starting point. p=quarantine Send failing emails to spam folder. p=reject Block failing emails entirely. Maximum protection.

Aggregate report email (rua)

Where to send daily DMARC aggregate reports (XML summaries of who's sending email using your domain).

Forensic report email (ruf) — optional

Where to send forensic failure reports (copies of individual failing emails). Not all ESPs send these.

Apply same policy to subdomains (sp=)

Enforcement percentage (pct=)

Percentage of failing emails to apply policy to. Use less than 100% to roll out gradually.

100%

DNS Record Name

_dmarc.yourdomain.com

TXT

Record Value

v=DMARC1; p=none;

How to publish this record

Log in to your DNS provider (Cloudflare, GoDaddy, Namecheap, Route53, etc.)
Create a new TXT record
Set the Name/Host to _dmarc
Paste the record value above into the Value/Content field
Save and wait up to 48 hours for propagation (usually under 1 hour)

Setting Up DMARC Right the First Time

What does DMARC do?

DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving servers what to do when an email claiming to be from your domain fails SPF or DKIM checks. Without it, spammers can impersonate your domain.

What policy should I start with?

Start with p=none to monitor without impacting delivery. After reviewing reports for 2–4 weeks, move to p=quarantine, then p=reject once you're confident all legitimate senders are properly authenticated.

Why do I need DMARC reports?

Aggregate reports (rua) show you every IP sending email claiming to be from your domain. This reveals shadow IT, misconfigured ESPs, and spoofing attempts — before they damage your reputation.

Does DMARC affect deliverability?

Yes — positively. Gmail, Yahoo, and Microsoft now require DMARC for bulk senders. Having p=reject significantly improves trust signals and can improve inbox placement rates.

Related Free Tools

SPF Record Builder → Deliverability Health Check → Blacklist Checker →

Learn More

↗

SPF, DKIM, and DMARC Explained

Step-by-step implementation order before DMARC can enforce and protect your domain.

↗

Does DMARC Failure Guarantee the Spam Folder?

Why moving from p=none to p=reject impacts Promotions tab placement and deliverability.

Why We Built This Tool

DMARC takes 5 minutes to publish but months to enforce correctly. Most brands publish at p=none and never graduate to p=quarantine or p=reject because they're processing raw XML reports manually. This generator creates the exact record with reporting enabled so teams can act on the data.

What Goes Wrong Without This

Without DMARC enforcement, your domain remains vulnerable to spoofing and phishing impersonation. Attackers can send emails claiming to be from you with no authentication failure — customers receive them in their inbox, damaging your reputation.

Who This Tool Is For

E-commerce & DTC Brands

Teams managing customer lists at scale (50K–5M emails/month) who need to monitor for spoofing and phishing impersonation of their brand.

Email Marketing Agencies

Agencies managing DMARC enforcement across multiple client domains and handling reporting on behalf of clients.

B2B SaaS & Outbound Teams

Teams sending cold outreach and sales sequences who need to track authentication failures and optimize deliverability.

Frequently Asked Questions

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving servers what to do when an email claiming to be from your domain fails SPF or DKIM checks. It enables reporting and enforcement of your authentication policies.

What's the difference between p=none, p=quarantine, and p=reject?

p=none monitors without action (view reports only). p=quarantine moves failing emails to spam. p=reject blocks failing emails entirely. Start with p=none, monitor for 2-4 weeks, then upgrade to quarantine, then reject once confident all legitimate senders are authenticated.

Why do I need DMARC reports?

Aggregate reports (rua) show every IP sending email claiming to be from your domain, revealing unauthorized senders, ESP configuration issues, and spoofing attempts before they impact your reputation.

Do I need an InboxEagle account to use this tool?

No. This tool is completely free and requires no account or sign-up. InboxEagle provides it as a standalone resource for email marketers, developers, and agencies.

DMARC Configured. Now Keep It Enforced.

After publishing, InboxEagle processes your DMARC aggregate reports for you — surfacing unauthorized senders, alignment failures, and policy gaps in a dashboard instead of raw XML files. 2,000+ brands use it to manage their DMARC roadmap from p=none to p=reject.

Start Free 14-Day Trial

No credit card required · Cancel anytime