AES Encryption Explained: How It Works and Why It Matters
Jun 23, 2026
Build DMARC DNS TXT records with customizable policy, reporting, alignment, and enforcement options.
Email to receive aggregate DMARC reports (XML).
Email to receive forensic (failure) reports.
Percentage of messages to apply policy to (1-100).
Report interval in seconds (default 86400 = 24h).
Add this as a TXT record for _dmarc.<yourdomain.com> in your DNS zone.
Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email authentication protocol that tells receiving mail servers how to handle email that fails SPF or DKIM checks. It is published as a DNS TXT record at _dmarc.yourdomain.com and works alongside SPF and DKIM to provide comprehensive email authentication.
A DMARC record specifies the policy (p=none, p=quarantine, or p=reject), where to send reports (RUA for aggregate, RUF for forensic), alignment requirements for DKIM and SPF, and optional parameters like percentage (pct) and subdomain policy (sp). The recommended starting point is p=none (monitoring) to gather data, then gradually tighten to p=quarantine and finally p=reject.
DMARC helps prevent email spoofing, phishing, and domain impersonation. Major email providers like Gmail, Yahoo, and Microsoft use DMARC policies to decide whether to deliver, quarantine, or reject email that claims to be from your domain.
p=none to monitor without affecting delivery. Once you've verified SPF and DKIM work, move to p=quarantine then p=reject.r) alignment for most setups. Strict (s) requires an exact domain match for DKIM/SPF._dmarc.yourdomain.com in your DNS zone.Always start with p=none (monitoring). This allows you to collect DMARC reports and verify that your legitimate email passes SPF and DKIM checks without affecting delivery. After 1-2 weeks of monitoring, move to p=quarantine, then after another week to p=reject for maximum protection.
RUA (Aggregate Reports) are daily XML summaries showing how receiving servers evaluate your email authentication. RUF (Forensic Reports) are individual failure reports triggered when an email fails authentication. RUF can generate high volumes and is optional. Most organizations use a DMARC analysis service (like dmarcian, Postmark, or URIports) for easier report processing.
Yes. DMARC builds on SPF and DKIM — it tells receivers what to do when those checks fail. Without properly configured SPF and DKIM, setting DMARC to p=reject will cause legitimate email to be rejected. Use the SPF Record Generator and DKIM Record Generator tools first, then publish your DMARC record.
Blog
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026