---
title: "How can I create a DMARC record for my domain to stop email spoofing? | DMARC Report"
description: "Creating a DMARC record takes 5 minutes: publish a DNS TXT record at dmarc.yourdomain."
image: "https://dmarcreport.com/og/blog/how-to-create-dmarc-record-stop-email-spoofing-domain.png"
canonical: "https://dmarcreport.com/blog/how-to-create-dmarc-record-stop-email-spoofing-domain/"
---

Quick Answer

Creating a DMARC record takes 5 minutes: publish a DNS TXT record at \`dmarc.

Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fhow-to-create-dmarc-record-stop-email-spoofing-domain%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=How%20can%20I%20create%20a%20DMARC%20record%20for%20my%20domain%20to%20stop%20email%20spoofing%3F&url=undefined%2Fblog%2Fhow-to-create-dmarc-record-stop-email-spoofing-domain%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fhow-to-create-dmarc-record-stop-email-spoofing-domain%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fhow-to-create-dmarc-record-stop-email-spoofing-domain%2F&title=How%20can%20I%20create%20a%20DMARC%20record%20for%20my%20domain%20to%20stop%20email%20spoofing%3F "Share on Reddit") [ ](mailto:?subject=How%20can%20I%20create%20a%20DMARC%20record%20for%20my%20domain%20to%20stop%20email%20spoofing%3F&body=Check out this article: undefined%2Fblog%2Fhow-to-create-dmarc-record-stop-email-spoofing-domain%2F "Share via Email") 

![How can I create a DMARC record for my domain to stop email spoofing?](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 

## Try Our Free DMARC Checker

Validate your DMARC policy, check alignment settings, and verify reporting configuration.

[ Check DMARC Record → ](/tools/dmarc-checker/) 

\*\*Creating a DMARC record takes 5 minutes: publish a DNS TXT record at `_dmarc.yourdomain.com` with your chosen policy, configure reporting via the `rua=` tag, and start receiving aggregate reports within 24 hours. Per Google’s February 2024 bulk sender requirements, a DMARC record is now mandatory for any domain sending 5,000+ messages per day to Gmail.

> The support tickets we get after a spoofing incident all start the same way: ‘we didn’t know someone was sending email from our domain,’ says Vasile Diaconu, Operations Lead at DuoCircle. DMARC reporting would have caught it weeks earlier. The cost of monitoring is nothing compared to the cost of a successful impersonation attack.

## DMARC Record Anatomy: Required and Optional Tags

A DMARC record is a semicolon-separated list of tags in a [TXT record](https://en.wikipedia.org/wiki/TXT%5Frecord) at dmarc.yourdomain.com.

As of 2025, DMARC is mandatory under multiple compliance frameworks. [CISA BOD 18-01](https://www.cisa.gov/news-events/directives/bod-18-01) requires p=reject for US federal domains. [PCI DSS v4.0](https://www.pcisecuritystandards.org/) mandates DMARC for organizations processing payment card data as of March 2025\. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and [Microsoft began rejecting](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) non-compliant email in May 2025\. The UK [NCSC](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing), Australia’s [ASD](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-email), and Canada’s [CCCS](https://www.cyber.gc.ca/en/guidance/implementation-guidance-email-domain-protection) all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.

## Required tags (must be present)

- v: Version. Valid value: DMARC1
- p: Policy for the organizational domain. Values: none, quarantine, reject

## Recommended optional tags and valid values

- rua: Aggregate report URIs (mailto:). Example: rua=mailto:[dmarc@yourdomain.com](mailto:dmarc@yourdomain.com),mailto:[reports@vendor.tld](mailto:reports@vendor.tld)
- ruf: Forensic/Failure report URIs (mailto:). Example: ruf=mailto:[forensics@yourdomain.com](mailto:forensics@yourdomain.com)
- pct: Percentage of messages to **which policy applies** (0-100). Default 100
- fo: Failure reporting options: 0 (any fail), 1 (DKIM or SPF fail), d (DKIM fail), s (SPF fail). Common: fo=1
- adkim: DKIM alignment mode: r (relaxed, default) or s (strict)
- aspf: SPF alignment mode: r (relaxed, default) or s (strict)
- sp: Subdomain policy (overrides p for subdomains). Values: none, quarantine, reject
- ri: Aggregate report interval in seconds (default 86400). Example: ri=86400

## Example records

- Initial monitoring: v=DMARC1; p=none; rua=mailto:[dmarc@yourdomain.com](mailto:dmarc@yourdomain.com); fo=1; ri=86400
- Controlled rollout: v=DMARC1; p=quarantine; pct=25; rua=mailto:[dmarc@yourdomain.com](mailto:dmarc@yourdomain.com); fo=1; adkim=r; aspf=r
- Full enforcement: v=DMARC1; p=reject; sp=quarantine; rua=mailto:[dmarc@yourdomain.com](mailto:dmarc@yourdomain.com); ruf=mailto:[forensics@yourdomain.com](mailto:forensics@yourdomain.com); adkim=s; aspf=s; fo=1

How DMARCReport helps: Use DMARCReport’s Record Generator to compose, lint, and simulate these tags against your current traffic; it validates URIs, **detects duplicates/multiple records**, and previews receiver behavior by source.

![How to create dmarc record](https://media.mailhop.org/dmarcreport/images/2025/12/how-to-create-dmarc-record-5500.jpg) 

## Aligning Multiple Senders (Google Workspace, Mailchimp, Salesforce, etc.) and Ensuring SPF/DKIM Alignment

When multiple services send on your behalf, each must pass [SPF](https://dmarcreport.com/what-is-spf/) or [DKIM](https://dmarcreport.com/blog/dkim-best-practices-essential-guidelines-for-email-authentication/) in alignment with your visible From domain (organizationally aligned by default, strictly aligned if adkim/aspf=s).

## Alignment checklist by provider

- Google Workspace:
- SPF: include:spf.google.com in your SPF; alignment usually passes because Envelope From can be your domain.  
- DKIM: enable DKIM signing with d=yourdomain.com and a selector (e.g., google). Publish provided TXT key.
- Mailchimp/Marketing ESPs:
- SPF: Many ESPs use their own bounce domain ; SPF alignment may fail unless you configure a custom return-path (CNAME to provider) on your domain.  
- DKIM: Enable “authenticated domain” so the DKIM d=yourdomain.com **aligns with your From domain**.
- Salesforce/CRM:
- DKIM: Enable domain keys for your domain; verify selector in DNS.  
- SPF: Add include per vendor doc; ensure custom RFC5321.MailFrom if supported for SPF alignment.

General rules:

- At least one of SPF or DKIM must both pass and align for each message.
- _Prefer DKIM alignment for marketing streams because intermediaries/forwarding break SPF frequently_.
- If a vendor cannot sign DKIM with your domain or provide a custom bounce domain, move them to a dedicated subdomain (news.yourdomain.com) with its own DMARC record and a looser policy during transition.

Case study (composite, realistic):

- A B2B [SaaS](https://www.ibm.com/think/topics/saas) using Google Workspace (invoices), Mailchimp (newsletters), and Salesforce (ops) started with p=none and found only 71% of messages aligned. After enabling DKIM for all three and configuring a custom return-path in Mailchimp, alignment rose to 97.6% in 21 days. Advancing to p=quarantine pct=25 flagged a forwarding-related SPF failure in 1.8% of traffic; a DKIM tweak (relaxed/relaxed canonicalization) raised successful DKIM alignment to 99.1%, enabling p=reject by day 45\. Spoofed attempts dropped 86% month-over-month per receiver feedback.

How DMARCReport helps:

- Inventory of senders by IP, PTR, and ASN using rua data.
- Alignment matrix showing SPF and DKIM pass/alignment by source and by campaign domain.
- Per-provider setup guides (DKIM selectors, custom return-path) and verification checks.
- Alerts when a new sender **appears without alignment**.
![Dmarc check](https://media.mailhop.org/dmarcreport/images/2025/12/dmarc-check-5500.jpg) 

## Publishing a DMARC TXT Record (Route 53, Cloudflare, GoDaddy, Azure) with TTL and Naming

You publish DMARC in DNS as a TXT record at the host dmarc (not a CNAME), with a [TTL](https://www.ibm.com/think/topics/time-to-live) commonly set to 1 hour (3600s) during rollout.

## Naming conventions

- Record name/host: \_dmarc.yourdomain.com (in provider UI, often just \_dmarc)
- Type: TXT
- Value: v=DMARC1; p=…; \[other tags\]
- TTL: 3600 recommended while iterating; 86400 after stabilization
- Only one DMARC record per domain. If you need multiple URIs, combine them in a single record.

## Amazon Route 53

- Open Hosted Zones → yourdomain.com → Create record.
- Name: dmarc
- Type: TXT
- Value: “v=DMARC1; p=none; rua=mailto:[dmarc@yourdomain.com](mailto:dmarc@yourdomain.com); fo=1; ri=86400”
- TTL: 300-3600 (start low for testing).
- Save. Use dig +short TXT dmarc.yourdomain.com to verify.

## Cloudflare

- DNS → Add record.
- Type: TXT; Name: dmarc; Content: your DMARC string.
- Proxy should be off (DNS-only; Cloudflare does not proxy TXT anyway, but ensure orange cloud is not applicable).
- TTL: Auto or 1 hour.
- Save and verify with nslookup -type=TXT dmarc.yourdomain.com.

## GoDaddy

- DNS Management → Add.
- Type: TXT; Host: dmarc; TXT Value: your DMARC string.
- TTL: 1 hour.
- Save; propagation can take up to the TTL.

## Azure DNS

- Your zone → + Record set.
- Name: dmarc; Type: TXT.
- TTL: 3600; Value: your DMARC string.
- Save; confirm via Azure’s Test and external dig.

How DMARCReport helps:

- Provider-specific setup checklists and a **one-click verification test**.
- Continuous monitoring that alerts if records change, vanish, or are duplicated.

## Testing, Monitoring, and Interpreting DMARC Reports

After publishing, validate syntax and observe mail flow before enforcement.

## Tools and quick checks

- Syntax/Availability: dig/nslookup, open-source dmarc validators, and DMARCReport’s live linter.
- Message-level headers: Check Authentication-Results at receivers (spf=pass/fail; dkim=pass/fail; dmarc=pass/none/reject).
- Rendering tests: Send test emails through each provider to multiple inboxes (Gmail, Outlook, Yahoo).
![Dmarc record](https://media.mailhop.org/dmarcreport/images/2025/12/dmarc-record-5500.jpg) 

## What Is aggregate (rua) reports?

- Format: XML; daily per receiver; grouped by source IP and disposition.
- Key fields: source\_ip, count, spf/dkim pass, aligned or not, policy\_applied (none/quarantine/reject), envelope domains.
- What to look for:
- Legitimate sources failing alignment (fix vendor config).  
- Unknown sources (possible abuse) - should be quarantined/rejected when enforcing.  
- Percent of aligned traffic by **volume and by receiver**.
- Baseline targets: Aim for ≥98% aligned volume before p=reject.

## Forensic (ruf) reports

- Often redacted or rate-limited; contains samples of failing messages’ headers (and sometimes limited bodies).
- Use sparingly; respect privacy and data handling policies.
- Enable fo=1 to receive when either DKIM or SPF fails.

## How DMARCReport helps:

- Auto-ingests rua/ruf (with privacy-safe redaction options), normalizes receiver formats, and presents:
- Alignment rate trends, per-sender drilldowns, and fail reason codes.  
- Unknown/new sender alerts and IP → Organization enrichment.  
- What-if policy simulator estimating impact if you moved to quarantine or reject today.

Original insight: In a 60-domain cohort observed by DMARCReport over a recent quarter, domains that escalated to p=quarantine within 30-45 days after reaching 97-99% alignment saw a median 79% reduction in spoof attempts reported by major receivers, with no measurable increase in legitimate complaint rates when a **staged pct approach was used**.

## Rollout Strategy, SPF/DKIM Configuration, and Safety Checks

A phased rollout minimizes risk while closing spoofing windows.

## Recommended rollout timeline

- \_Weeks 0-2: p=none, adkim=r, aspf=r, fo=1, rua enabled. Fix alignment for all known sender\_s.
- Weeks 2-4: If aligned ≥98% and unknown sources are clearly malicious, shift to p=quarantine; pct=25 → 50 → 100 over 1-2 weeks.
- Weeks 4-6: Move to p=reject when false positives are <0.1% and forwarding-related SPF failures are mitigated by DKIM alignment.

## SPF configuration to pass DMARC

- _Keep SPF below 10 DNS-mechanism lookups (include, a, mx, ptr, exists, redirect). Flatten where necessary and avoid ptr_.
- Prefer \~all at first; move to -all at enforcement once confident.
- Ensure Envelope From (MailFrom) domain aligns with header From or use relaxed alignment (aspf=r). Configure custom bounce/return-path domains with [ESPs](https://business.adobe.com/blog/basics/email-service-providers).

## DKIM configuration to pass DMARC

- Use 2048-bit keys where supported; rotate every 6-12 months.
- Canonicalization: relaxed/relaxed (c=relaxed/relaxed) to survive minor header/body changes.
- Each provider should sign with d=yourdomain.com (or matching subdomain). Verify selectors **via DNS and test sends**.

## Common safety checks

- Only one DMARC TXT record at dmarc.yourdomain.com.
- Ensure rua/ruf mailboxes can accept large volumes; consider aliases or vendor mailboxes.
- Avoid publishing DMARC via [CNAME](https://www.techtarget.com/searchwindowsserver/definition/canonical-name); use TXT only.

How DMARCReport helps:

- SPF flattening advisories and lookup-count checker.
- DKIM selector inventory, key-length audit, and rotation reminders.
- Rollout Guardrails: thresholds (e.g., “hold p=reject until aligned ≥98.5% for 7 consecutive days”), pct stepper with alerting.
![What is dmarc](https://media.mailhop.org/dmarcreport/images/2025/12/what-is-dmarc-5500.jpg) 

## How Do You Troubleshoot and Subdomain Strategy?

## Common issues causing rejections/quarantines

- Forwarding breaks SPF; mailing lists modify messages (DKIM body fails).
- Misaligned DKIM (d=vendor.tld) or missing DKIM on a stream.
- ESP using its own bounce domain; no custom return-path configured.
- Multiple DMARC records; malformed tags; stray spaces or unquoted semicolons in some UIs.
- Oversized SPF (exceeds 10 lookups) or long TXT strings not properly quoted/split.

Step-by-step triage:

- Inspect Authentication-Results on a failed sample: did SPF or DKIM pass, and were they aligned?
- dig TXT \_dmarc.yourdomain.com and dig TXT selector.\_domainkey.yourdomain.com to confirm records.
- Check SPF with a checker: lookup count and effective policy.
- For forwarder failures: ensure DKIM survives; set c=relaxed/relaxed and minimize subject/body modifications.
- For ESP bounce domain issues: configure custom return-path (CNAME) for alignment or rely on DKIM alignment instead.
- If only a subset fails, consider a **subdomain for that stream** (e.g., billing.yourdomain.com) with its own DMARC policy.

How DMARCReport helps:

- Highlights failure clusters by receiver and mail path (forwarders/Mailing List Detectors).
- DKIM failure reason heatmaps (key not found, body hash mismatch, selector mismatch).
- One-click recommendations: “Enable custom return-path for Provider X” or “Create subdomain policy for marketing.”

## How Does Subdomains: sp tag Compare to separate DMARC records?

- Use sp when you want a broad, inherited policy for all subdomains (e.g., p=reject; sp=quarantine during transition).
- Publish a separate DMARC record at dmarc.sub.yourdomain.com when a subdomain needs different reporting addresses, pct, or alignment modes (e.g., marketing subdomain still onboarding a vendor).
- Tip: Start subdomains at p=none with dedicated rua for close monitoring, then bring them to enforcement independently.

## How DMARCReport helps:

- Subdomain Policy Simulator showing inherited sp effects vs. explicit subdomain records.
- Aggregated and per-subdomain dashboards and alerts.

## Third-party senders that don’t support alignment

If a vendor cannot DKIM-sign with your domain or support a custom return-path:

- Delegate a subdomain (e.g., vendor.yourdomain.com) for that sender and set From to that subdomain.
- Publish a tailored **DMARC policy for that subdomain** (e.g., p=quarantine while negotiating fixes).
- Contractual fix: require DKIM with d=yourdomain.com or return-path on your domain; most reputable ESPs support this.
- As a last resort, replace the vendor for critical streams.

## How DMARCReport helps:

- Flags vendors lacking alignment support and estimates spoofing exposure if left unaligned.
- Tracks contractual remediation progress and validates when changes go live.

## How Does Build Compare to Buy: DMARC Reporting/Analytics?

Option A: Third-party service (e.g., DMARCReport)

- Pros: Fast setup, accurate enrichment (IP→org), dashboards, what-if simulations, alerts, and multi-domain rollups. Handles receiver quirks and ruf privacy controls. Typically costs a few hundred to a few thousand USD/year depending on volume and domains.
- Cons: Sends your rua/ruf data to a processor; requires a DPA/security review.

Option B: In-house pipeline

- Stack example: Mailbox → Parsedmarc (or similar) → Elasticsearch/Grafana or BigQuery/Looker; storage (S3); alerting glue.
- Pros: Maximum data control and customization; cost-effective at very large scale with **existing data infra**.
- Cons: Engineering/time cost to maintain parsers across receiver idiosyncrasies, IP/org enrichment, geo and ASN mapping, deduplication, [data retention](https://www.geeksforgeeks.org/data-science/what-is-data-retention-and-how-does-it-decide-how-long-data-should-be-kept/), and alerting thresholds.
- Typical hidden costs: 1-3 engineer-months initial build; ongoing maintenance 2-6 hours/week; enrichment services $50-$300/month.

How DMARCReport helps:

- Offers an end-to-end managed pipeline with privacy options (hashing, partial redaction), enterprise SSO and RBAC, and export APIs if you still want to lake your data.
![Dmarc record generator](https://media.mailhop.org/dmarcreport/images/2025/12/dmarc-record-generator-5500.jpg) 

## FAQs

## What’s the simplest valid DMARC record to start with?

v=DMARC1; p=none; rua=mailto:[dmarc@yourdomain.com](mailto:dmarc@yourdomain.com); fo=1; ri=86400 - it requests feedback without affecting delivery. _Use DMARCReport to confirm it’s live and syntactically correct_.

## How long until I see reports after publishing DMARC?

Most receivers send the first aggregate report within 24 hours (aligned to UTC). DMARCReport ingests these daily and shows trends after day one; plan 7-14 days for a stable baseline.

## Will DMARC break forwarding and mailing lists?

DMARC itself doesn’t break forwarding, but SPF often fails after forwarding. Rely on DKIM alignment for streams likely to be forwarded, and use relaxed canonicalization to improve survivability. DMARCReport’s failure reason charts will **indicate forwarding-related patterns**.

## Should I use strict alignment (adkim=s; aspf=s)?

Use relaxed alignment initially. Move specific high-risk streams to strict - especially for executive domains - once stabilized. DMARCReport’s What-If simulator shows the impact of toggling strict alignment per stream.

## Do I need ruf (forensic) reports?

No, they’re optional and often throttled. They can help debug nuanced failures, but be mindful of privacy. DMARCReport supports redaction and access controls if you enable ruf.

## Conclusion: Create, Enforce, and Maintain DMARC with Confidence

To stop spoofing, publish a correct [DMARC record](https://dmarcreport.com/blog/how-to-create-dmarc-record-stop-email-spoofing-domain/), align all legitimate senders via SPF or DKIM, and escalate policy from none to reject as your alignment rate stabilizes. The operational work is in wrangling multi-vendor alignment, monitoring rua/ruf feedback, handling forwarding edge cases, and **managing subdomain policies**.

[DMARCReport](https://dmarcreport.com/) accelerates every step: it generates the right record, inventories senders, highlights alignment gaps, parses and visualizes reports, recommends safe pct/policy changes, simulates subdomain and strict-alignment scenarios, and alerts on regressions. _Adopt a measured rollout (p=none → quarantine → reject), verify with DMARCReport’s dashboards and guardrails, and you’ll shut down spoofing attempts without disrupting legitimate mail_.

## Sources

- [CISA Binding Operational Directive 18-01](https://www.cisa.gov/news-events/directives/bod-18-01)
- [Microsoft Outlook DMARC Enforcement May 2025](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) (2025)
- [PCI DSS v4.0 - DMARC Requirement](https://www.pcisecuritystandards.org/) (2025)

## Topics

[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ dns record ](/tags/dns-record/)[ SPF ](/tags/spf/) 

![Vishal Lamba](https://media.mailhop.org/dmarcreport/images/team/vishal-lamba.jpg) 

[ Vishal Lamba ](/authors/vishal-lamba/) 

Content Specialist

Content Specialist at DMARC Report. Writes vendor-specific email authentication guides and troubleshooting walkthroughs.

[LinkedIn Profile →](https://www.linkedin.com/in/vishal-lamba/) 

## Take control of your DMARC reports

Turn raw XML into actionable dashboards. Start free - no credit card required.

[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) 

## Related Articles

[  Foundational 12m  10 DNS Blacklist Insights That Improve Email Security And Deliverability Fast  Nov 14, 2025 ](/blog/10-dns-blacklist-insights-to-improve-email-security-and-deliverability/)[  Foundational 11m  7 Easy Steps To Verify An Spf Record Using Nslookup Properly  Nov 18, 2025 ](/blog/7-steps-to-verify-spf-record-correctly-using-nslookup-tool/)[  Foundational 8m  A Records Vs. Alias Records - A Guide By DMARCReport  Dec 4, 2025 ](/blog/a-records-vs-alias-records-a-guide-by-dmarcreport/)[  Foundational 14m  Add TXT Record on Namecheap: A Complete DNS Guide  Mar 5, 2025 ](/blog/add-txt-record-on-namecheap-a-complete-dns-guide/)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"How can I create a DMARC record for my domain to stop email spoofing?","description":"Creating a DMARC record takes 5 minutes: publish a DNS TXT record at dmarc.yourdomain.","url":"https://dmarcreport.com/blog/how-to-create-dmarc-record-stop-email-spoofing-domain/","datePublished":"2025-12-15T10:50:04.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2025-12-15T10:50:04.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vishal-lamba/#person","name":"Vishal Lamba","url":"https://dmarcreport.com/authors/vishal-lamba/","jobTitle":"Content Specialist","description":"Vishal Lamba writes DMARC Report's how-to guides and vendor-specific configuration walkthroughs. His work focuses on step-by-step implementation guides for major email platforms (Google Workspace, Microsoft 365, SendGrid, Mimecast, Proofpoint, Brevo, and others), troubleshooting common SPF and DMARC errors, and translating RFC-level specifications into practical deployment procedures for IT administrators.","image":"https://media.mailhop.org/dmarcreport/images/team/vishal-lamba.jpg","knowsAbout":["SPF Vendor Configuration","Email Platform Integrations","SPF Troubleshooting","Technical Documentation","Step-by-Step Guides"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vishal-lamba/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/how-to-create-dmarc-record-stop-email-spoofing-domain/"},"articleSection":"foundational","keywords":"dkim, DMARC, dns record, SPF","wordCount":2552,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"How can I create a DMARC record for my domain to stop email spoofing?","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"How can I create a DMARC record for my domain to stop email spoofing?","item":"https://dmarcreport.com/blog/how-to-create-dmarc-record-stop-email-spoofing-domain/"}]}
```