Build a DMARC record, one question at a time.

Answer a few plain-English questions and we assemble a valid v=DMARC1 record for you. Start in monitor-only mode, point reports somewhere you can read them, and tighten the policy as you gain confidence.

Policy

Monitor only. Receivers take no action on failing mail; you just collect reports. Start here.

Non-existent subdomains (np)

New in DMARCbis. Sets the policy for subdomains that don't exist, a common spoofing trick. np=reject is a safe quick win even while your main policy is still at p=none, since no real mail comes from a subdomain you never created. One caveat: a wildcard DNS record makes every subdomain "exist" and turns this off.

Publish this record in DNS

Add one TXT record at the host below. It updates live as you change the options above.

Host / name
_dmarc
Type
TXT
Value
v=DMARC1; p=none; np=reject

What to do next

  1. 1.Publish the TXT record above at _dmarc. DNS can take a few hours to propagate.
  2. 2.Watch the aggregate reports for a week or two to confirm your real senders pass before tightening the policy.
  3. 3.Re-run the DMARC audit to confirm the published record parses the way you expect.