Your domain

Build your SPF and DMARC records

Answer two questions and copy the exact DNS records that stop scammers from sending email as your domain. No signup, and nothing you type leaves this page.

Private by design
  • The records are assembled entirely in your browser. Your domain and addresses are never sent to us.

Who sends email for your domain?

Sending services like Amazon SES, SendGrid and Mailgun usually authenticate on their own subdomain with records from their setup guide - only tick them here if their guide tells you to add the include yourself.

What should happen to email from anywhere else?

Your record

Type
TXT
Host / name
@

Some providers use extra lookups inside their own SPF records, so stay well under the limit of 10.

Added the records?

DNS changes can take up to an hour to spread. Once they have, test your domain with the SPF/DKIM/DMARC checker.

Frequently asked questions

Where do I put these records?

At the company that manages your domain's DNS - often your registrar (GoDaddy, Namecheap, Google Domains) or your web host. Look for "DNS settings" or "DNS records", add a TXT record, and paste the host and value shown here.

Will publishing SPF and DMARC break my email?

Not if you go gradually. List every service that sends email for you in SPF, start DMARC at p=none (report-only), and watch the reports for a few weeks before tightening to quarantine or reject. Mail keeps flowing the whole time.

Why do small businesses need SPF and DMARC?

Without them, anyone can send email that looks like it comes from your domain - to your customers, suppliers, or staff. These records let receiving servers spot and block the fakes, and Google and Microsoft increasingly filter unauthenticated mail into junk.