---
title: "How to Create a DMARC Record: Step-by-Step Guide | DMARC Report"
description: "Create a DMARC record in 5 steps: choose a policy, configure reporting, set alignment, format the record, and add it to your DNS. Includes code examples and DNS provider guides."
image: "https://dmarcreport.com/images/og-default.png"
canonical: "https://dmarcreport.com/create-dmarc-record/"
---

Guide 

# Create a DMARC record  
in 60 seconds 

**Creating a DMARC record takes 5 steps: choose a policy, configure a reporting address, set alignment mode, format the DNS TXT record, and add it at `_dmarc.yourdomain.com`.** 

Required by Google, Yahoo, and Microsoft for bulk senders. Mandatory under PCI DSS v4.0 for customer-facing domains.

[ Use the Generator Tool → ](/tools/dmarc-record-generator/) [Follow the Guide](#step-1) 

Before You Start 

## Prerequisites: SPF and DKIM

DMARC builds on SPF and DKIM. It requires that at least one of them passes **and** aligns with the visible From header domain. Before creating a DMARC record, verify both are configured.

[ SPF Check your SPF record Verify authorized senders and DNS lookup count ](/tools/spf-checker/) [ DKIM Inspect DKIM selectors Verify signing configuration across all senders ](/tools/dkim-lookup/) 

Authentication Flow

SPF

Is the sending server authorized?

DKIM

Was the message altered in transit?

DMARC

Does SPF or DKIM align with the From domain?

Policy

What happens to failures? (none / quarantine / reject)

Step by Step 

## Create your DMARC record in 5 steps

Follow these steps to publish a valid DMARC record. The entire process takes less than 5 minutes.

1

### Choose your DMARC policy

Start with p=none for monitoring. This lets you see who sends email from your domain without affecting delivery. After 90+ days of monitoring, move to p=quarantine, then p=reject.

p=none      # Monitor only - no email affected
p=quarantine # Route failures to spam
p=reject     # Block failures entirely

Never start with p=reject. Legitimate senders that fail authentication will be blocked. 

2

### Set your reporting address

Add a rua= tag so receivers send you daily aggregate reports. These XML reports show who sends email from your domain and whether they pass authentication. Use DMARC Report to convert raw XML into a visual dashboard.

rua=mailto:dmarc-reports@yourdomain.com

If rua= points to a domain different from the one being monitored, you need an external verification DNS record. 

3

### Set alignment mode

Alignment controls whether the domain in SPF/DKIM must exactly match (strict) or can be a subdomain of (relaxed) the From header domain. Start with relaxed alignment - strict can break third-party senders.

adkim=r  # Relaxed DKIM alignment (default)
aspf=r   # Relaxed SPF alignment (default)

Relaxed alignment allows mail.example.com to align with example.com. Strict requires an exact match. 

4

### Format the complete record

Combine all tags into a single TXT record value. Tags are separated by semicolons. The v= tag must come first.

v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; adkim=r; aspf=r; fo=1

The fo=1 tag generates forensic reports when either SPF or DKIM fails, giving maximum early visibility. 

5

### Add the record to DNS

Log in to your DNS provider and create a new TXT record. Set the host/name to \_dmarc (your provider adds the domain automatically). Paste the record value.

Host: _dmarc
Type: TXT
Value: v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; adkim=r; aspf=r; fo=1
TTL: 3600

DNS changes propagate within minutes to 48 hours. Use a DMARC checker to verify the record is live. 

DNS Providers 

## Provider-specific setup guides

Step-by-step guides for adding DMARC records to the most popular DNS providers and email platforms.

[ GoDaddy ](/blog/create-dmarc-record-godaddy-enhanced-email-security/)[ Cloudflare ](/blog/how-to-add-dkim-record-in-cloudflare-complete-guide/)[ Namecheap ](/blog/add-txt-record-on-namecheap-a-complete-dns-guide/)[ Bluehost ](/blog/bluehost-verification-a-step-by-step-guide-to-account-setup/)[ HostGator ](/blog/how-to-add-domain-to-hostgator-step-by-step-guide/)[ Office 365 ](/blog/dmarc-office-365-complete-setup-guide-2026/)[ Google Workspace ](/blog/dmarc-google-workspace-gmail-setup-2026/) 

Shortcut 

## Use our free DMARC Record Generator

Answer a few questions and get a valid DMARC record you can copy-paste into your DNS. No signup required.

[ Open DMARC Record Generator → ](/tools/dmarc-record-generator/) 

Already have a record? [Check it with our DMARC Checker](/tools/dmarc-checker/) 

What Comes Next 

## After publishing your DMARC record

Publishing the record is step one. The path to full enforcement requires patience - plan for 9 to 18 months.

1

### Monitor aggregate reports daily

Review your DMARC Report dashboard to identify all senders, confirm legitimate sources pass authentication, and flag unauthorized sources. Allow at least 7 days for reports to arrive from all major receivers.

2

### Fix authentication failures

For each legitimate sender that fails SPF or DKIM, update your SPF record to include their sending IPs or configure DKIM signing through their platform. Verify alignment passes before moving to enforcement.

3

### Wait 90+ days per phase

Each enforcement phase (none, quarantine, reject) requires a minimum of 90 days of monitoring. The full journey to p=reject typically takes 9 to 18 months. Do not rush enforcement.

4

### Progress to enforcement gradually

Move to p=quarantine with pct=25, increase to 50, then 100 over several weeks. After another 90+ days with clean results, advance to p=reject using the same gradual pct= approach.

FAQ 

## Frequently asked questions about creating DMARC records

### How long does it take to create a DMARC record?

Publishing a DMARC record takes less than 5 minutes. The record itself is a single DNS TXT entry. However, reaching full enforcement at p=reject takes 9 to 18 months of monitoring and gradual policy progression.

### Do I need SPF and DKIM before DMARC?

Yes. DMARC builds on SPF and DKIM - it requires that at least one of them passes and aligns with the From header domain. Without SPF or DKIM configured, DMARC has nothing to evaluate and all messages will fail.

### What is the best starting DMARC policy?

Always start with p=none. This is a monitoring-only policy that lets you identify all legitimate sending sources without affecting email delivery. Moving to quarantine or reject without monitoring first will block legitimate email.

### Can I use a free email address for DMARC reports?

Technically yes, but it is not recommended. Aggregate reports are XML files that arrive in high volumes for active domains. Use a dedicated address and a DMARC report analyzer like DMARC Report to process them automatically.

### What happens if I make a mistake in my DMARC record?

If the record has a syntax error, receivers treat it as if no DMARC record exists. Your email is delivered based on SPF and DKIM results alone. Use a DMARC checker to validate your record before and after publishing.

## Ready to create your DMARC record?

Use our free generator tool or start a free trial to monitor your domain with DMARC Report.

[Generate DMARC Record](/tools/dmarc-record-generator/)

## Easy Setup, Verified by Customers

![G2 Leader - DMARC](https://media.mailhop.org/dmarcreport/images/g2-badges/DMARC_Leader_Leader.png)

Rated 4.8/5 on G2 · 469 verified reviews

![G2 Momentum Leader - DMARC](https://media.mailhop.org/dmarcreport/images/g2-badges/DMARC_MomentumLeader_Leader.png)

DG

Dave G.

Owner

5/5

### "DMARC Report has been invaluable in fixing email deliverability issues for our clients"

DMARC Report dashboard allows us to see easily what is compliant and what isn't compliant so we can quickly fix issues.

9/27/2022Verified on G2

AL

Antoine L.

5/5

### "Incredible Service for an affordable price"

The software is easy to use and has also an entry friendly free plan up to 1,000 mails per month.

9/12/2023Verified on G2

ZK

Zunaid K.

Director

5/5

### "Essential tool for email delivery"

This tool helps us to implement DMARC reporting for our domains in an easy to use manner.

8/8/2024Verified on G2

[Read all 469 reviews on G2 →](https://www.g2.com/products/dmarc-report/reviews)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"How long does it take to create a DMARC record?","acceptedAnswer":{"@type":"Answer","text":"Publishing a DMARC record takes less than 5 minutes. The record itself is a single DNS TXT entry. However, reaching full enforcement at p=reject takes 9 to 18 months of monitoring and gradual policy progression."}},{"@type":"Question","name":"Do I need SPF and DKIM before DMARC?","acceptedAnswer":{"@type":"Answer","text":"Yes. DMARC builds on SPF and DKIM - it requires that at least one of them passes and aligns with the From header domain. Without SPF or DKIM configured, DMARC has nothing to evaluate and all messages will fail."}},{"@type":"Question","name":"What is the best starting DMARC policy?","acceptedAnswer":{"@type":"Answer","text":"Always start with p=none. This is a monitoring-only policy that lets you identify all legitimate sending sources without affecting email delivery. Moving to quarantine or reject without monitoring first will block legitimate email."}},{"@type":"Question","name":"Can I use a free email address for DMARC reports?","acceptedAnswer":{"@type":"Answer","text":"Technically yes, but it is not recommended. Aggregate reports are XML files that arrive in high volumes for active domains. Use a dedicated address and a DMARC report analyzer like DMARC Report to process them automatically."}},{"@type":"Question","name":"What happens if I make a mistake in my DMARC record?","acceptedAnswer":{"@type":"Answer","text":"If the record has a syntax error, receivers treat it as if no DMARC record exists. Your email is delivered based on SPF and DKIM results alone. Use a DMARC checker to validate your record before and after publishing."}}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Learn","item":"https://dmarcreport.com/what-is-dmarc/"},{"@type":"ListItem","position":3,"name":"Create a DMARC Record","item":"https://dmarcreport.com/create-dmarc-record/"}]}
```