How it works
- Choose a policy: monitor, quarantine, or reject.
- Add aggregate and forensic report addresses if you collect DMARC reports.
- Set alignment and rollout percentage, then publish the TXT record at `_dmarc`.
DMARC tells receivers what to do when mail fails SPF and DKIM alignment. Start with monitoring, then tighten when legitimate senders are covered.
Enter a valid aggregate report email to generate.
Examples
v=DMARC1; p=none; rua=mailto:dmarc@example.com; adkim=r; aspf=r
Collects reports without asking receivers to quarantine or reject yet.
p=reject before all legitimate senders pass alignment
Real mail can be rejected if SPF or DKIM is incomplete for a sender.
Use readiness reports instead of treating a DNS policy as launch approval.
Create the SPF policy DMARC can evaluate for alignment.
Generate a DKIM keypair before enforcing DMARC.
Verify the published DMARC record and adjacent auth records.
Turn a DNS or authentication check into a conservative inbox-capacity plan.
Publish it as a TXT record at `_dmarc.yourdomain.com`, not at the root domain.
No. Enforcement can reduce spoofing risk, but it is not an inbox-placement guarantee and can block legitimate mail if setup is incomplete.