Email - DMARC

Email DMARC Wizard

Use our Email DMARC Wizard to construct your domains DMARC DNS record.

Fill in the details below to start building your DMARC record.

Follow these simple steps to create your DMARC record

  1. Enter your domain
  2. Choose your Policy
  3. Provide your Aggregate reports address
  4. Provide your Failure Reporting address (Optional)
  5. Choose Identifier Alignment
  6. Choose Subdomain Policy (Optional)
  7. Choose DMARC Policy percentage (Optional)
Domain
Policy
Sub Domain Policy
Aggregate Reports
Forensic Reports
DKIM Alignment Mode
SPF Alignment Mode
Forensic Reporting Options
Percentage of messages subjected to filtering
Reporting interval

DMARC Tags Explained

TAG TAG Description
v (required) Protocol version: This tag tells the email receiver what version of DMARC the sender is using. It is currently always DMARC1
p (required) Policy for organizational domain: This tag tells the email receiver what to do with emails that fail the DMARC test. It can be none, which means do nothing; quarantine, which means put them in spam or junk folder; or reject, which means delete them or bounce them back.
sp The subdomain policy: This tag tells the email receiver what policy to use for subdomains of the sender’s domain. For example, if the sender’s domain is example.com, then this tag applies to sub.example.com, mail.example.com, etc. If this tag is not specified, then the same policy as the main domain is used.
rua Reporting URI of aggregate reports: This tag tells the email receiver where to send a summary report of how many emails passed or failed the DMARC test. It is usually an email address of the sender’s domain.
ruf Reporting URI for forensic reports: This tag tells the email receiver where to send a detailed report of each email that failed the DMARC test. It is also usually an email address of the sender’s domain.
adkim Alignment mode for DKIM: This tag tells the email receiver how strict to be when checking the DKIM authentication of the emails. DKIM is a way of signing the emails with a digital signature that proves they are from the sender’s domain. This tag can be s, which means the domains must match exactly; or r, which means the domains can be different as long as they have the same base domain. For example, if the sender’s domain is example.com, then s means the DKIM domain must also be example.com; but r means the DKIM domain can be sub.example.com, mail.example.com, etc.
aspf Alignment mode for SPF: This tag tells the email receiver how strict to be when checking the SPF authentication of the emails. SPF is a way of listing the IP addresses that are allowed to send emails from the sender’s domain. This tag can be s or r, same as for DKIM.
fo Forensic reporting options: This tag tells the email receiver when to send a forensic report of each email that failed the DMARC test. It is an optional tag that has four possible values: 0, 1, d, or s. The value 0 means send a report only if the email fails both SPF and DKIM alignment. The value 1 means send a report if the email fails either SPF or DKIM alignment. The value d means send a report if the email’s DKIM signature fails validation. The value s means send a report if the email fails SPF evaluation. If this tag is not specified, the default value is 0
rf Reporting format: This tag tells the email receiver what format to use for the forensic report. The only supported format is afrf, which stands for Authentication Failure Reporting Format. It is an optional tag that has a default value of afrf.
pct Percentage of messages subjected to filtering: This tag tells the email receiver how many emails to apply the DMARC policy to. It is a number between 0 and 100. For example, if it is 50, then half of the emails will be checked and the other half will be ignored.
ri Reporting interval: This tag tells the email receiver how often to send the aggregate report of the DMARC results. It is an optional tag that has a default value of 86400, which means one day in seconds. The value can be any number between 0 and 4294967295.