Create a DMARC Record With DMARC Builder

DMARC Protection's DMARC Builder allows you to look up the DMARC policy record for any domain. You can then use the DMARC Builder to either modify or create the text of a valid DMARC record for the domain(s). Finally the DMARC Builder provides information about the DNS provider for the domain and how to get the DMARC record published.

(This guide assumes you’ll be editing your own DNS infrastructure. Contact Agari Support https://www. Agari.com/support/ if you are interested in hosting DMARC records at Agari.)

  1. Go Tools > DMARC.
    Create and Manage your DMARC records.
    DMARC Builder Step 1
  2. Enter a domain name.
  3. Click Look up to view the domain’s current DMARC record or create a new one. If the domain has no DMARC policy, you will be presented with the option to create a new DMARC record or to host a new DMARC record at Agari.
    Create new DMARC record.
  4. Click Create new DMARC record.
  5. Enter the settings for the DMARC record. See DMARC Builder Settings for details.
  6. Click Continue.
  7. Click Create Instructions. This will download a text file (.txt) to use in the next step.

NOTE: Repeat for each domain you plan to protect in DMARC Protection.

DMARC example

In this example, the domain is “example.com”, the policy is “Monitor,” and the email address at Agari to send reporting data to is “agari-data@rua.agari.com” and “agari-data@ruf.agari.com.”

DMARC Builder Step 2
DMARC Builder Step 2

This DMARC record is for the domain “example.com”:

DMARC Builder Step 3
DMARC Builder Step 3

It defines the following parameters:

  • DNS record location — The DNS text record must be installed for _dmarc.example.com
  • v=DMARC — This is version 1 of the DMARC specification
  • p=none — The policy (p=) for this record is None, or a monitor only policy
  • fo=1 — The directive to send a DMARC failure report to the domain owner if authentication/alignment vulnerabilities are found is 1, or if anything other than an aligned (pass) is produced
  • ri=3600 — The reporting interval (ri=) should be 3600 seconds, or once per hour
  • rua=organization_name@rua.agari.com — The reporting user email address for aggregate information (rua=) should be sent to. This address is unique for your organization and is the mechanism by which Agari receives data.
  • ruf=organization_name@ruf.agari.com — The reporting user email address for forensic information (ruf=) should be sent to. This address is unique for your organization and is the mechanism by which Agari receives data.