Back to Course
Լight modeDark mode

How to Create and Publish a DMARC Record?

Instructions for Generating Your DMARC Record

The process for generating your DMARC DNS Record is extremely simple if you use an online DMARC record generator tool for this purpose. All you need to do is fill up the following criteria:

  • Choose your DMARC policy mode(if you are just starting out with email authentication, we recommend a policy of p=none for you to begin with so you can monitor your email flow)
  • Choose the DMARC policy mode for your subdomains ( we recommend you only activate this criterion if you wish to opt for a different policy for your subdomains, else, by default it takes up the same policy as your main domain)
  • Type in your desired email addresses wherein you want your DMARC RUA (aggregate) and RUF (Forensic) reports to be delivered to
  • Choose your DKIM alignment mode (for strict alignment the DKIM signature in the email header has to match exactly with the domain found in the From header. For relaxed alignment the two domains must share the same organizational domain only)
  • Choose your SPF alignment mode (for strict alignment the domain in the Return-path header has to match exactly with the domain found in the From header. For relaxed alignment the two domains must share the same organizational domain only)
  • Choose your forensic options (this represents under which circumstances you want to receive your forensic reports)

A typical error-free DMARC record looks something like this:

v=DMARC1; p=none; sp=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1;

The generated record is now to be published in your domain’s DNS on the subdomain: _dmarc.YOURDOMAIN.com

How to Publish Your DMARC Record? 

In order to publish your generated DMARC record, you will need to log in to your DNS console and navigate to the specific domain for which you want to configure DMARC.

After navigating to the domain in your DNS management console, you will need to specify the hostname and the resource type. Since DMARC exists in your domain as a DNS TXT record, the resource type for it is TXT, and the hostname to be specified in this case is : _dmarc 

Finally, you need to add the value of your DMARC record (the record you generated previously): v=DMARC1; p=none; sp=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1;

Save changes to the whole process and you have successfully configured DMARC for your domain!

NOTE: DNS record propagation in your domain name system may take up to 72 hours depending on your provider. 

How to check your DMARC record? 

To check your DMARC record you can use an online DMARC record lookup tool to make sure your record is devoid of errors, is functional, and configured properly. 

Note that SPF and DKIM alone cannot protect your domain against attacks. To protect your domain, pairing DMARC with SPF and DKIM is your best bet. 

DMARC Fundamentals >How to Create and Publish a DMARC Record?
Course content
Email Authentication Fundamentals