Where do I publish the DMARC record?

Create a DNS TXT record with the hostname _dmarc.yourdomain.com (e.g. _dmarc.example.com) and paste the generated value as the record content. TTL of 3600 is typical.

What is the difference between p=none, quarantine, and reject?

p=none monitors without affecting delivery and is ideal for initial rollout. p=quarantine moves failing messages to the spam folder. p=reject instructs receiving servers to drop failing messages entirely.

pct= limits the percentage of messages the policy is applied to (1–100). Setting pct=10 applies your quarantine/reject policy to only 10% of failing mail, allowing a safe gradual rollout.

What is adkim= and aspf=?

These control alignment strictness. r (relaxed, default) allows the organizational domain to match. s (strict) requires an exact domain match. Most deployments use relaxed alignment.

Do I need both rua= and ruf=?

Only rua= (aggregate reports) is strongly recommended — it provides daily XML summaries. ruf= (forensic/failure reports) sends copies of individual failing messages and is optional; some providers disable it for privacy reasons.

sp= sets the policy for subdomains independently from the root domain policy. Useful when you want p=reject on the root but need p=none on subdomains still being evaluated.

DMARC Record Generator

Name: DMARC Record Generator
Availability: InStock
Author: Nham Vu

Configure your DMARC policy options and instantly get the DNS TXT record string ready to publish at _dmarc.yourdomain.com.

DMARC Policy Options

Policy (p=) *

Subdomain Policy (sp=) optional

Percentage (pct=) optional, default 100

100 %

Aggregate Report Email (rua=) optional

Separate multiple addresses with commas.

Forensic Report Email (ruf=) optional

DKIM Alignment (adkim=)

SPF Alignment (aspf=)

Failure Reporting (fo=) optional

Generated TXT Record

How to Publish

Log in to your DNS provider (Cloudflare, Route 53, GoDaddy, etc.).
Add a new TXT record.
Set the Name / Host to _dmarc (or _dmarc.yourdomain.com).
Paste the generated value above into the Value / Content field.
Save. DNS changes can take up to 48 hours to propagate.

Tag Reference

Tag	Required	Description
v=	Yes	Protocol version — always DMARC1
p=	Yes	Policy: none / quarantine / reject
sp=	No	Subdomain policy (inherits p= if omitted)
pct=	No	% of mail the policy applies to (default 100)
rua=	No	Aggregate report recipients (recommended)
ruf=	No	Forensic report recipients
adkim=	No	DKIM alignment: r (relaxed) / s (strict)
aspf=	No	SPF alignment: r (relaxed) / s (strict)
fo=	No	Failure reporting options: 0, 1, d, s

Record copied!

Summary