Apprezo Helpdesk - Help Center

DMARC Record Wizard: A Step-by-Step Guide

Jan//Apprezo
Written by Jan//ApprezoLast updated 1 year ago

DMARC Record Wizard: A Step-by-Step Guide

Understanding DMARC and the Record Wizard

The DMARC Record Wizard simplifies the creation of a DMARC record for your domain, helping you gain insights and protect your domain from abuse. This tool guides you through the entire process, making it easier to customize and implement a DMARC policy tailored to your specific needs.

Step 1: Enter Your Domain

Begin by entering the domain name you want to authenticate. This is the domain that will be protected by the DMARC policy.

Step 2: Select Your Policy Posture

When setting up your DMARC policy, you have three options for handling emails that fail authentication checks:

  • None: Start with this policy to monitor the impact without disrupting email delivery. It gathers data on emails that don’t align with your policy.

  • Quarantine: Emails that fail DMARC checks are marked for review, possibly ending up in the recipient's spam folder.

  • Reject: Emails that don’t pass the DMARC check are rejected, meaning they won’t reach the intended recipient at all.

Choosing the right policy is crucial as it defines how strict your domain's email security will be.

Step 3: Register Your Email Address

In this step, enter the email address where you want to receive aggregate DMARC reports. These reports provide insights into the emails sent on behalf of your domain, helping you understand which messages are passing or failing the DMARC checks. It's best to use a dedicated email address, such as dmarc-reports@yourdomain.com, to handle these reports.

Step 4: Provide a Failure Reporting Address

You can choose to receive forensic reports, which provide detailed information on each email that fails the DMARC check. These reports can help you investigate potential abuse of your domain. If you opt out, you'll only receive aggregate data.

Step 5: Choose Alignment Identifier

Identifier alignment ensures that the domain in the From header aligns with the domains verified by DKIM and SPF:

  • Relaxed Alignment: Allows subdomains of the From header domain to pass DMARC. This is less strict and better for legitimate emails that might use different subdomains.

  • Strict Alignment: Requires an exact match between the domains, providing stronger security but potentially leading to legitimate emails failing if they use different subdomains or domains.

Your choice here balances security with the likelihood of false positives.

Step 6: Set a Subdomain Policy (Optional)

You can specify a different DMARC policy for your subdomains. By default, the same policy applies to all subdomains as the main domain. If you don’t send emails from subdomains, a reject policy can help prevent abuse. If unsure, it’s best to observe first and adjust later based on aggregate data.

Step 7: Set Policy Percentage

This step lets you decide the percentage of your email traffic that the DMARC policy will apply to. Starting with less than 100% helps you monitor the impact and gradually enforce the policy as you become more confident in your setup.


Final Steps:

After completing these steps, the DMARC Record Wizard generates the correct DMARC record syntax. You'll need to enter this record into the DNS settings with your hosting provider to activate your DMARC policy. This step is critical as it enables email servers to recognize and enforce your domain's authentication policies.

For more detailed guidance and to use the tool, you can visit the DMARC Record Wizard.

This wizard is an invaluable tool for any domain owner looking to enhance their email security and protect their brand from misuse.


Did this article help you solve your issue?

Apprezo Helpdesk - Help Center

© 2026 Apprezo Helpdesk - Help Center. All rights reserved.