AcuityScan

DMARC Record Generator

Build a DMARC record in seconds. Choose your policy, add a reporting address, and get a copy-paste DNS record with the correct host name.

3 policiesReport emailCopy-paste readyDNS host included

What you get

Here's an example DMARC record generated with a quarantine policy and reporting enabled.

Example DMARC Record

v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com; pct=100; adkim=r; aspf=r

Host: _dmarc.example.com · Type: TXT · Policy: Quarantine

quarantine
Policy
_dmarc
DNS Host
Valid
Syntax Check

How it works

Policy Selection

Choose between three DMARC policies: None (monitoring only, emails delivered normally), Quarantine (failed emails sent to spam), or Reject (failed emails blocked entirely). Start with None and work up to Reject.

Aggregate Reporting

Add your reporting email address and the generator adds the correct rua= tag. You'll receive daily XML reports from mailbox providers showing who's sending email as your domain and whether it passes authentication.

DNS Host Name

DMARC records must be published at _dmarc.yourdomain.com — not the root domain. The generator provides the exact host name so you don't have to remember the convention.

Alignment Settings

Configures SPF and DKIM alignment mode (relaxed by default). Relaxed alignment allows subdomains to pass, while strict requires an exact domain match.

Percentage Control

Sets pct=100 by default (apply policy to all messages). During rollout, you can manually adjust this to apply the policy to only a percentage of failing messages.

Copy-Paste Ready

Get the exact TXT record value and the correct DNS host name. Copy the record, paste it into your DNS provider, and your DMARC policy is live.

Common questions

What is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a DNS record that tells receiving mail servers what to do when email from your domain fails SPF and DKIM checks. Without DMARC, receivers make their own decisions — with DMARC, you control the policy.
Which policy should I start with?
Start with 'none' (monitoring only). This lets you receive reports and see who's sending email as your domain without affecting delivery. Once you've confirmed all legitimate senders pass SPF and DKIM, move to 'quarantine', then eventually 'reject'.
Do I need SPF and DKIM first?
Yes. DMARC builds on top of SPF and DKIM. Without them, every email will fail DMARC checks and your policy will apply to all messages — including legitimate ones. Set up SPF and DKIM first, verify they're passing, then add DMARC.
What are DMARC aggregate reports?
Aggregate reports are XML files sent daily by mailbox providers (Google, Microsoft, Yahoo, etc.) to the email address in your rua= tag. They summarize how email from your domain performed — which IPs sent it, whether SPF/DKIM passed, and what action was taken.
Where do I add the DMARC record?
Add it as a TXT record with the host name _dmarc (or _dmarc.yourdomain.com, depending on your DNS provider's format). The value is the full DMARC string starting with v=DMARC1.
Do I need an account?
No account needed. For ongoing monitoring, white-label reports, and the full Site+ Scan covering 350+ checks, see our Pro and Agency plans.

Related tools

SPF GeneratorDMARC AnalyzerDNS LookupEmail Deliverability

Want the full picture?

The checks email deliverability plus 7 other categories — DNS, SSL, performance, SEO, accessibility, privacy, and mobile.

Run