DMARC Record Generator | MStack360

DMARC Record Generator

Answer a few simple questions and we build a correctly formatted DMARC record for your domain. Built for small teams, no jargon, copy and paste ready.

How to create your DMARC record

DMARC tells receiving mail servers what to do with email that pretends to come from your domain. Fill in the fields below. Everything updates live on the right. When you are done, copy the record into your DNS provider.

DDomain or host name

1 How should mail that fails DMARC be treated?

We recommend starting with "None" (reporting mode) so you can watch the data safely before enforcing.

ⓘ What this setting controls

This is the p tag stored inside your DMARC record. It is the instruction every receiving mail server reads to decide what happens to email that fails the DMARC check.

None: nothing is blocked, you just collect reports. Safe starting point.
Quarantine: failing mail goes to spam or junk.
Reject: failing mail is blocked outright. Use only after weeks of clean reports.

Reporting mode. Nothing is blocked yet. Recommended for your first 4 to 6 weeks.

2 Where should aggregate reports be sent?

Daily summary reports. Use a comma to separate multiple addresses.

ⓘ What this field stores

This is the rua tag in your record. It holds the email address or addresses where mail providers send a daily XML report listing every source that sent mail using your domain. Point it at a monitored inbox or a DMARC analysis service so you can see who is sending on your behalf.

Recommended: create a dedicated shared mailbox like dmarc@yourdomain.com for these reports. If you use Microsoft 365, a shared mailbox is free. It keeps all the report traffic in one place and means the business owners are never bothered by a flood of automated emails. If you are not on Microsoft 365, any single inbox or distribution address you can monitor works just as well.

3 Where should forensic failure reports be sent?

Optional. Detailed per message failure samples. Comma separate multiple addresses.

ⓘ What this field stores

This is the ruf tag in your record. It holds the email address that receives detailed forensic samples of individual messages that failed DMARC. Many providers no longer send these for privacy reasons, so it is fine to leave it pointed at your DMARC inbox or remove it entirely.

Recommended: point this at the same dedicated inbox you used above. One mailbox for all DMARC traffic keeps things tidy and spares the owners the noise. If you use Microsoft 365, a shared mailbox for this is free.

% What percentage of mail should this apply to?

ⓘ What this value stores

This is the pct tag in your record. It holds the percentage of failing mail the policy is applied to, so you can roll out gradually, for example 25 percent first. Leave it at 100 for full coverage.

100%

Failure reporting (fo)

DKIM alignment (adkim)

SPF alignment (aspf)

Subdomain policy (sp)

Report interval (ri, seconds)

Your DMARC record

This updates live as you edit. Add it as a TXT record at your DNS provider.

Detected DNS host: Cloudflare

Type

TXT

Host / Name

_dmarc.example.com

Value

Open your DNS hosting provider dashboard.
Create a new TXT record.
Set the host to _dmarc (most providers append your domain automatically).
Paste the value above and save.
Allow up to 24 hours for DNS to propagate.

Tip for small teams: keep the policy on "None" for the first month, watch the aggregate reports land in your DMARC inbox, then move to Quarantine and finally Reject once you confirm all your real senders pass. Need help reading the reports? Reach us at help@mstack360.com