How to Create a DMARC Record

Answer the questions below and we’ll generate a record for you in the correct format. For more details about each question or option list, click on the "Help" link beside it for more detailed information.

1. How do you want mail that fails DMARC to be treated by the recipient?

We recommend that you start with a policy of "none" - which is "Reporting Mode".

Help

*Note: If you set this to "quarantine" or "reject" and don’t set a PCT (percentage tag) in your DMARC record, 100% of your messages will be quarantined or rejected by inboxes.

None: Observation/Reporting mode. In this mode, Inbox providers send email statistics for your domain and

Quarantine: In this state, mail receivers will quarantine messages that are not DMARC compliant. It is recommended to specify a "pct" tag in your DMARC record if in quarantine state, as this will allow you to slowly test stronger authentication policies without impacting legitimate mail flows. For example, you could start with a pct=10. With that tag you are telling mail receivers that a random 10% of messages should be quarantined and the remaining 90% of messages will not be impacted. Note: If you don not specify a "pct" amount, it is assumed that you want 100% of non-compliant messages to be quarantined.

Reject: In this state, mail receivers will reject messages that are not DMARC compliant. We recommend that you specify a "pct" tag in your DMARC record, as this will allow you to slowly test stronger authentication policies without impacting your legitimate mail flows. For example, you could start with a pct=10. With that tag you are telling mail receivers that a random 10% of messages should be rejected if they aren’t DMARC compliant. The remaining 90% of messages will be quarantined if they aren’t DMARC compliant. Note: If you do not specify a "pct" amount, it is assumed that you want 100% of non-compliant messages to be rejected.


2. What email address(s) should aggregate DMARC reports be sent to?

*If adding multiple email addresses, please use a comma to separate each one.

Help

One of the biggest benefits of DMARC is the ability to view email delivery statistics reported by Inbox providers (Gmail, Outlook.com, Yahoo!) so you can see email delivery issues as well as possible spoofed messages sent from your domain.

You can add multiple emails, comma separated. Aggregate reports will be sent to the email specified. *At least one (1) or more addresses must be specified for DMARC to function.


3. What email address(s) would you like to receive forensic DMARC failure reports?

*If adding multiple email addresses, please use a comma to separate each one.

Help

Email address(es) that you would like to receive individual failure reports. These reports are copies of the original message that failed authentication mechanisms. Forensic reports provide forensic insight into SPF and DKIM authentication issues that may be impacting your email delivery, as well as a way to investigate possible domain spoofing and abuse of your domain.

You can add one or more email addresses (comma separated).


Would you like to have MxToolbox automatically process your DMARC reports for analysis and delivery insights?

Help

DMARC reports can be overwhelming for most businesses to handle. Your mail system may become overwhelmed by the volume of DMARC messages sent. Add to that the complexity of your business processing all those messages and making sense from all the information. By having MxToolbox automatically receive and process DMARC reports all of the heavy lifting is on us and you can analyze the data into custom reports built by MxToolbox.


Created Record Output:

The below record is updated as you modify the fields on the left.

Once you have finished creating your record in this editor, visit your DNS hosting provider and create a new record with the values presented below.

Type: TXT
Host/Name: _DMARC.actgarden.com
Value: v=DMARC1; fo=1; p=none; rua=mailto:aa425e8c@mxtoolbox.dmarc-report.com; ruf=mailto:aa425e8c@forensics.dmarc-report.com;
* Note: For many DNS hosting providers, you'll just type "_DMARC" as the host/name and the tool add/append your domain name automatically.