Generate a valid DMARC record for your domain. Protect against email spoofing and get visibility into email authentication.
Start with "none" to monitor, then gradually move to "quarantine" and "reject" once you've verified all legitimate sources.
Percentage of emails to apply policy to (1-100). Use lower values during testing.
Email address to receive aggregate DMARC reports. Use MailSentinel for comprehensive reporting and analytics.
Email for detailed failure reports. Note: Many providers don't send forensic reports due to privacy concerns.
DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on SPF and DKIM to give domain owners control over what happens to unauthenticated emails.
DMARC checks if emails pass SPF or DKIM AND if the "From" domain aligns. If checks fail, the receiving server follows your policy (none/quarantine/reject).
DMARC reports show who's sending email using your domain. This helps identify unauthorized senders and ensure legitimate sources are properly authenticated.
Start here. Collect reports for 2-4 weeks to identify all legitimate email sources.
After fixing issues, move to quarantine. Start at pct=10 and gradually increase.
Once confident, enable reject to fully protect your domain from spoofing.
Pro Tip: Before enabling DMARC, ensure you have valid SPF and DKIM records. Use our Domain Health Check to verify your setup, and SPF Generator if you need to create an SPF record.