Available at suped.com/dmarc-record-generator.
Build a valid DMARC record using a guided form. The generator walks you through each option and outputs a complete TXT record you can add to _dmarc.yourdomain.com.
Options
Policy (p)
The action receivers should take when authentication fails: none (monitor only), quarantine (send to spam), or reject (block the email).
Aggregate reports (rua)
Email addresses that receive daily DMARC aggregate reports in XML format. These reports show who is sending email using your domain.
Forensic reports (ruf)
Email addresses that receive individual failure reports. These provide details about specific authentication failures. Less commonly supported by receivers.
Alignment modes (adkim, aspf)
Controls how strictly the domains in DKIM and SPF must match the From header domain:
- Relaxed (default) - organizational domain match (e.g.
mail.example.commatchesexample.com) - Strict - exact domain match only
Failure options (fo)
When to generate forensic reports:
0- Generate when both SPF and DKIM fail (default)1- Generate when either SPF or DKIM fails (recommended)d- Generate when DKIM failss- Generate when SPF fails
Subdomain policy (sp)
Override the main policy for emails sent from subdomains. If not set, subdomains inherit the main policy.
Percentage (pct)
Apply the policy to only a percentage of failing emails. Useful for gradual rollout - start at a low percentage and increase as you gain confidence.
Output
The generator produces a complete TXT record value that you add as a DNS record at _dmarc.yourdomain.com. Copy the output and paste it into your DNS provider.
