Analyze Your Email Authentication Policy
DMARC Record Checker
Look up and parse any domain's DMARC record: see the policy, alignment settings, reporting URIs, and get actionable security recommendations.
Frequently Asked Questions
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that builds on SPF and DKIM. It tells receiving mail servers what to do when a message fails authentication (none (monitor), quarantine, or reject) and where to send aggregate and forensic reports.
What does the DMARC policy (p=) mean?
The p= tag defines how unauthenticated mail should be handled. "none" means take no action (monitor only), "quarantine" means mark as spam, and "reject" means block the message entirely. A "reject" policy provides the strongest protection against spoofing.
What are rua and ruf in DMARC?
rua (Reporting URI for Aggregate reports) specifies where daily summary reports are sent, showing authentication pass/fail statistics. ruf (Reporting URI for Forensic reports) specifies where detailed failure reports are sent for individual messages that fail DMARC. Both are email addresses prefixed with mailto:.
What do adkim and aspf alignment modes mean?
adkim and aspf control how strictly the DKIM and SPF domains must match the From header domain. "r" (relaxed) allows subdomains to pass, while "s" (strict) requires an exact domain match. Relaxed is the default and works for most setups.
How long does it take for DMARC changes to propagate?
DNS changes for DMARC typically propagate within a few minutes to 48 hours depending on the TTL (Time To Live) of your DNS records. It's recommended to start with p=none and move to quarantine/reject after reviewing reports.
Complete Guide: How to Use the DMARC Record Checker
Validate your domain's DMARC (Domain-based Message Authentication, Reporting & Conformance) policy. Our checker parses the DMARC record, verifies policy mode, alignment settings, reporting URIs, and identifies common configuration issues that could affect email deliverability and security.
Step-by-Step Instructions
1. Enter your domain
   Type the domain whose DMARC record you want to check (e.g., example.com). The tool looks up the TXT record at _dmarc.domain.
2. View the DMARC policy
   See the parsed DMARC record with each tag explained: policy mode (p=), subdomain policy (sp=), percentage (pct=), and alignment (adkim=, aspf=).
3. Check reporting URIs
   Verify that rua (aggregate) and ruf (forensic) reporting addresses are correctly configured and accepting reports.
4. Review recommendations
   The tool provides actionable recommendations for strengthening your DMARC policy based on common best practices.
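The parse-and-review steps above can be sketched offline as follows. This is an added example, not the checker's own code: the function names `parse_dmarc` and `review` are hypothetical, the sample records are constructed, the defaults are those of RFC 7489, and the DNS lookup and mailbox checks are left out.

```python
# Added example: parse a DMARC TXT value and flag weak settings (no DNS lookup).
DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100"}  # RFC 7489 defaults
POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Split a DMARC TXT value into a tag dict; raise ValueError if malformed."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"tag without '=': {part!r}")
        tags[name.strip().lower()] = value.strip()
    first = next(iter(tags), None)  # dicts keep insertion order
    if first != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in POLICIES:
        raise ValueError("missing or invalid p= tag")
    return {**DEFAULTS, **tags}

def review(tags):
    """Return a list of findings for a parsed record."""
    findings = []
    p = tags["p"].lower()
    sp = tags.get("sp", p).lower()  # sp= falls back to p= when absent
    if p == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    if sp == "none" and p != "none":
        findings.append("sp=none leaves subdomains unprotected")
    if tags["pct"] != "100" and p != "none":
        findings.append(f"pct={tags['pct']} applies the policy to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports are received")
    for key in ("rua", "ruf"):
        for uri in tags.get(key, "").split(","):
            if uri.strip() and not uri.strip().lower().startswith("mailto:"):
                findings.append(f"{key} URI is not a mailto: address: {uri.strip()}")
    return findings

# Constructed sample records (not real lookups).
WEAK = "v=DMARC1; p=none; ruf=forensics@example.com"
STRONG = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for record in (WEAK, STRONG):
        print(record, "->", review(parse_dmarc(record)) or "no findings")
```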
Common Use Cases
- Email security: verify DMARC is protecting your domain from email spoofing and phishing
- Deliverability: ensure DMARC configuration doesn't block legitimate emails from your domain
- Compliance: meet security requirements that mandate DMARC enforcement (NIST, PCI DSS)
- Monitoring: check that DMARC reporting addresses are correctly set to receive aggregate reports
- Migration: verify DMARC configuration after changing email providers or DNS hosts
- Audit: review DMARC policies as part of information security assessments
