Free RFC 9989 planner
Build the policy—and the safe path to enforce it.
Generate current DMARC syntax, expose risky alignment and policy choices, prepare external report authorization, and leave with a staged deployment plan instead of a dangerous one-line record.
Generated DNS change
Ready for a reviewed publish
- Name
_dmarc.example.com- Type
- TXT
- Value
v=DMARC1; p=none; adkim=r; aspf=r;
Note: p=none requests reports but does not ask receivers to quarantine or reject failing mail.
Review: Without rua, you lose the aggregate evidence needed for a safe enforcement rollout.
MailDNS intentionally excludes the historic pct, rf, and ri tags. It also omits failure reports (ruf) because they can contain message or personal data.
Deployment sequence
A policy is a rollout, not a copy-paste event.
- 01
Observe legitimate senders
Collect aggregate reports across a normal sending cycle and account for every expected source before enforcement.
v=DMARC1; p=none; adkim=r; aspf=r; - 02
Signal the intended policy in test mode
Confirm aligned DKIM or SPF for every business-critical stream and investigate unknown high-volume sources.
v=DMARC1; p=quarantine; adkim=r; aspf=r; t=y; - 03
Apply the reviewed policy
Keep reviewing reports after enforcement; quarantine is not an inbox-placement guarantee.
v=DMARC1; p=quarantine; adkim=r; aspf=r;