Skip to main content

DMARC Record Wizard

Our DMARC Record Wizard guides you through each step of building a valid DMARC record that is appropriate for your domain. By publishing your new DMARC record in DNS, you gain insights into how your domain is being used and/or abused.

Not sure what a DMARC record is? Read more about it here.

Our tools are under maintenance. Please try again later.

Warning

Error

Access/bookmark this inspection at

Did you mean

?

Invalid email

Invalid record parameters. Fix the invalid inputs and try again.

Your DMARC Record is

Step

What domain would you like to create a record for?

Enter a domain

What type of DMARC policy do you want?

How do you want to treat mail that fails the DMARC check?

Nothing yet, just collect data.

Quarantine it for further analysis.

Reject it outright.

DMARC allows you to apply different "policies" to email that appears unaligned with your domain. When first publishing your record, we suggest you start with "none". This allows you to collect data without affecting your email streams.

Where do you want Aggregate Reports sent?

Data is the driving force of DMARC. If an address is specified, Aggregate DMARC reports will be delivered to the given email address for further processing.

You can continue with this wizard if you want to receive reports directly, or you can create a free dmarcian account and we’ll build your record for you.
If you do want to receive the report directly, you’ll still need way to visualize the data. Bookmark our XML-to-Human converter tool for after you’ve begun to receive reports.

DMARC Aggregate data reports are crucial in evaluating, monitoring and securing your mail streams. These XML-based aggregate reports are generated on a 24 hour cycle and include comprehensive statistics on how an email receiver sees your domain being used - including all email that fully passed DMARC.

Dmarcian users are able to automatically receive and process these reports as they are generated and view them in the Domain Overview.

Do you want to receive individual failure reports?

Individual Failure Reports, or Forensic Reports, are copies of individual pieces of email that fail the DMARC check. These reports are not required or necessary for DMARC deployment, but may give further insight into how your domain may be being abused.

No

Yes

Dig into email by generating Forensic DMARC reports. Although not required to get DMARC in place, it may be helpful in identifying sources or patterns of email abuse. For more information on DMARC Forensic reports, check out this article.

Dmarcian provides an email address for registered users where forensic reports can be delivered and analyzed in Forensic Viewer.

DMARC Forensic consist of redacted copies of individual emails that failed SPF, DKIM or both. These reports are not always available due to privacy concerns, volume concerns, or the view that they’re not required to get DMARC deployed accurately.

When do you want to generate Forensic Reports?

When both SPF and DKIM fail.

When either SPF or DKIM fails.

When DKIM fails.

When SPF fails.

Relaxed or Strict mechanisms?

Here, you can change the Identifier Alignment for each mechanism.

The Identifier Alignment specifies how strictly DKIM and SPF policies are evaluated. Relaxed mode allows SPF Authenticated domains that share a common Organizational Domain with an email's header-from: domain to pass the DMARC check. Strict mode requires exact matching between the SPF domain and an email's header-from: domain.

Alignment

default

Relaxed

Strict

Do you want a different policy for subdomains?

By default, the policy applied to example.com will be applied to department.example.com.

If you do not send email from a subdomain, setting a subdomain policy of reject will help prevent email abuse against subdomains.

If you are unsure of whether your email flows from a subdomain, select "No" until further data can be collected.

What policy do you want to apply to email from a subdomain of this DMARC record that fails the DMARC check? This will default to whatever policy is applied to the organizational domain.

What percentage of email do you want to apply this to?

DMARC allows users to slowly ramp their policy by allowing users to apply the given DMARC policy to a specific percentage of email flows. If you specify a percent other than 100, your DMARC policy will only be applied to the given percentage of your messages.

Start creating

Previous

Next

Create record

Start over

Record Type

Target

Host

Location

Fix the invalid domain to proceed further.

Fix the invalid addresses to proceed further.

Fix the invalid percentage to proceed further.

Or, try our quick record wizard.

Policy

Subdomain Policy

Same as parent

None

Quarantine

Reject

Alignment

Relaxed

default

Strict

Addresses

Policy Application Percent

Forensic Reporting Options

Report if all mechanisms fail

Report if one mechanism fails

Report DKIM failures

Report SPF failures

Create record

Fix the invalid inputs to create a record.

{{ texts.policy }}:


{{ texts.subdomainPolicy }}:



DKIM {{ texts.alignment }}:

SPF {{ texts.alignment }}:

RUA {{ texts.addresses }}:
RUF {{ texts.addresses }}:
{{ texts.policyApplicationPercent }}:
{{ texts.forensicReportingOptions }}:



Did you create a DMARC Record and start receiving XML Reports? Allow our application to process and visualize your DMARC data in ways that expose authentication gaps (SPF/DKIM) and unauthorized use of your domains.

Get your domains into compliance.
Try out dmarcian!