DMARC Record Wizard | DmarcDkim.com

What domain do you want to protect?

Just a domain name. No http(s) or www.

Enter the main domain you send email from, e.g. domain.com

What should happen to emails that fail authentication?

This is the most important DMARC setting. It tells email providers what to do when an email fails DMARC checks.

None (monitor only) Recommended

No action on failing emails. You only receive reports.

Quarantine

Failing emails sent to spam folder.

Reject

Failing emails blocked entirely.

Progress gradually

Start with none to collect data. Once you're confident all legitimate senders pass authentication, move to quarantine and eventually reject.

Where should we send reports?

DMARC reports help you monitor email authentication. Tick which addresses should receive aggregate (RUA) and forensic (RUF) reports.

RUA	RUF	Email
		domain.com@rua.dmarcdkim.io Recommended
		domain.com@ruf.dmarcdkim.io

Aggregate reports are essential for monitoring. Forensic reports help debug failures but not all providers support them. Learn more about DMARC reports

How strictly should domains be matched?

Alignment controls how closely the domain in the email's "From" header must match the domains used for SPF and DKIM authentication.

DKIM alignment

Strict Recommended

DKIM signing domain must exactly match From domain.

Relaxed

Subdomains of the From domain are also accepted.

SPF alignment

Relaxed Recommended

Subdomains accepted. Works well with third-party senders.

Strict

Return-Path domain must exactly match From domain.

Our recommendation

Use strict DKIM alignment during monitoring to see exactly where issues exist. Use relaxed SPF alignment for compatibility with third-party email services.

Your DMARC Record

Fill in the details and your DMARC record will appear here.

Type

TXT

Host/Name

Value

v=DMARC1; p=none

Next steps

Publish this TXT record at your DNS provider, then run the DMARC Check tool to confirm it's live.