Free DMARC Checker - Validate Your Domain's Email Security

Check your DMARC record instantly. See your policy (none/quarantine/reject), verify RUA reporting is configured, and check alignment mode. Perfect for email admins and marketers.

Takes ~10 seconds

No login required for preview. No emails stored. GDPR-friendly.

What This Tool Checks

DMARC Record Presence

Verifies _dmarc.domain.com TXT record exists

Policy Level (p=)

Shows none, quarantine, or reject setting

RUA Reporting

Checks if aggregate reports are configured

Alignment Mode

Shows SPF/DKIM alignment (relaxed/strict)

How to Fix Common Issues

No DMARC Record Found

Add a TXT record at _dmarc.yourdomain.com:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

Policy is p=none (No Protection)

After monitoring reports, upgrade to quarantine or reject:

v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com

No RUA Reporting Configured

Add rua= to receive aggregate reports:

rua=mailto:dmarc-reports@yourdomain.com

How It Works

  1. Enter Your Domain - Type your domain name without http:// or www
  2. We Query DNS - Our tool fetches your _dmarc TXT record in real-time
  3. Get Instant Results - See your policy, reporting status, and recommendations

Frequently Asked Questions

What is a DMARC record?

A DMARC record is a DNS TXT record that tells email receivers how to handle messages that fail DMARC, that is, messages where neither SPF nor DKIM passes with a domain aligned to the From header. It specifies a policy (none, quarantine, or reject) and can include reporting addresses to receive authentication reports.

What DMARC policy should I use?

Start with p=none to monitor without affecting delivery. After reviewing reports and ensuring legitimate emails pass, move to p=quarantine, then p=reject for maximum protection. This gradual approach prevents blocking legitimate emails.

What is DMARC alignment?

DMARC alignment ensures the domain in the From header matches the domain authenticated by SPF (the envelope sender, or Return-Path, domain) or by DKIM (the d= domain in the signature). Relaxed alignment (default) allows subdomains, while strict alignment requires exact matches.

How do I set up DMARC reporting?

Add rua=mailto:your-email@domain.com to your DMARC record for aggregate reports. These XML reports show authentication results from receiving mail servers, helping you identify issues and unauthorized senders.

Why is my DMARC failing?

DMARC fails when neither SPF nor DKIM passes with alignment. Common causes include: missing SPF/DKIM records, third-party senders not configured properly, forwarded emails breaking authentication, or misaligned domains.
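The pass/fail rule and the relaxed/strict alignment modes described in the two answers above, as an added example (not this tool's own code). The `org_domain` helper is a hypothetical stand-in for a Public Suffix List lookup, and `esp.example` is a constructed third-party sender domain.

```python
# Added example: DMARC evaluation from SPF/DKIM results plus alignment.
def org_domain(domain):
    # Assumption: naive "last two labels" instead of a Public Suffix List
    # lookup; this is wrong for suffixes such as co.uk.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 'r' (relaxed): same organizational domain; 's' (strict): exact match."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)

def dmarc_result(from_domain, spf, dkim_sigs, aspf="r", adkim="r"):
    """spf is (result, envelope_sender_domain); dkim_sigs is a list of (result, d_domain)."""
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], aspf)
    dkim_ok = any(res == "pass" and aligned(from_domain, d, adkim)
                  for res, d in dkim_sigs)
    # One aligned pass is enough; DMARC fails only when both mechanisms miss.
    return "pass" if (spf_ok or dkim_ok) else "fail"

# Constructed scenarios matching the common causes listed above.
SCENARIOS = {
    # Third-party sender authenticates only as itself: misaligned.
    "unconfigured third party": dict(
        spf=("pass", "bounce.esp.example"), dkim_sigs=[("pass", "esp.example")]),
    # Same sender after it signs with a subdomain of the From domain.
    "third party with custom DKIM": dict(
        spf=("pass", "bounce.esp.example"), dkim_sigs=[("pass", "mail.yourdomain.com")]),
    # Forwarding breaks SPF, but an intact aligned DKIM signature survives.
    "forwarded, DKIM intact": dict(
        spf=("fail", "yourdomain.com"), dkim_sigs=[("pass", "yourdomain.com")]),
    # Forwarder modified the message, so DKIM breaks as well.
    "forwarded, DKIM broken": dict(
        spf=("fail", "yourdomain.com"), dkim_sigs=[("fail", "yourdomain.com")]),
}

if __name__ == "__main__":
    for name, s in SCENARIOS.items():
        print(name, "->", dmarc_result("yourdomain.com", **s))
```

With `adkim="s"`, the "third party with custom DKIM" scenario fails, because `mail.yourdomain.com` is not an exact match for `yourdomain.com`.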

Understanding DMARC: The Complete Guide

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds on SPF and DKIM to protect your domain from email spoofing and phishing attacks. Published as a DNS TXT record at _dmarc.yourdomain.com, DMARC tells receiving mail servers how to handle emails that fail authentication checks.

Why DMARC Matters for Your Domain

Without DMARC, cybercriminals can send emails that appear to come from your domain. This is called email spoofing, and it's used in 90% of phishing attacks. When someone spoofs your domain to send malicious emails, it damages your brand reputation, erodes customer trust, and can lead to your legitimate emails being blocked.

DMARC solves this by letting you:

  • Monitor who is sending email using your domain
  • Protect your domain from unauthorized senders
  • Report authentication results back to you

DMARC Policy Levels Explained

The DMARC policy (p= tag) tells receivers what to do with emails that fail authentication:

  • p=none - Monitor only. Emails are delivered normally, but you receive reports. Start here to understand your email ecosystem.
  • p=quarantine - Suspicious emails go to spam/junk folders. Use this after confirming legitimate senders pass authentication.
  • p=reject - Maximum protection. Emails that fail are blocked entirely. The goal for full domain protection.

DMARC Reporting: RUA vs RUF

DMARC provides two types of reports to help you monitor authentication:

  • RUA (Aggregate Reports) - Daily XML summaries showing authentication results from all receiving servers. Essential for monitoring and identifying issues.
  • RUF (Forensic Reports) - Individual failure reports with message details. Useful for debugging but may contain sensitive data and aren't widely supported.

At minimum, always configure rua=mailto:dmarc@yourdomain.com to receive aggregate reports.

The DMARC Implementation Path

Implementing DMARC is a journey, not a one-time setup. Here's the recommended approach:

  1. Deploy SPF and DKIM first - DMARC requires at least one of these to pass with alignment.
  2. Start with p=none - Monitor for 2-4 weeks to identify all legitimate email sources.
  3. Fix alignment issues - Configure third-party senders to use your domain for SPF/DKIM.
  4. Move to p=quarantine - Test that legitimate emails still deliver properly.
  5. Upgrade to p=reject - Full protection once you're confident in your configuration.

Common DMARC Mistakes to Avoid

  • Jumping straight to p=reject - This can block legitimate emails from third-party services you forgot about.
  • Not monitoring reports - Without RUA reports, you're flying blind and can't identify issues.
  • Ignoring subdomains - Subdomains inherit the p= policy unless sp= is set. Use sp= to set a policy for subdomains explicitly, or attackers will spoof anything.yourdomain.com while your p= policy is still weak.
  • Forgetting third-party senders - Marketing platforms, CRMs, and support tools all need proper configuration.
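
The checks listed under "What This Tool Checks" and the subdomain and reporting mistakes above can be reproduced offline against a record you have already fetched. This is an added example, not this tool's own code; the function names are hypothetical and the sample records are constructed from the page's starter record.

```python
# Added example: audit the TXT strings published at _dmarc.<domain>.
# No DNS lookup is done here; pass in the values you fetched.
DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100"}  # RFC 7489 defaults

def parse_dmarc(txt):
    """Return the tag dict for a DMARC record, or None for any other TXT string."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags.setdefault(name.strip().lower(), value.strip())
    # v=DMARC1 must be the first tag, otherwise receivers ignore the record
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        return None
    return tags

def audit_dmarc(txt_records):
    """Return (effective_settings, findings) for a list of TXT strings."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return None, ["No DMARC record found"]
    if len(records) > 1:
        return None, ["Multiple DMARC records: receivers apply none of them"]
    rec = {**DEFAULTS, **records[0]}
    findings = []
    policy = rec.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("Missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    rec["sp"] = rec.get("sp", policy).lower()  # subdomains inherit p= without sp=
    if rec["sp"] == "none" and policy != "none":
        findings.append("sp=none: subdomains are not protected")
    uris = rec.get("rua", "").split(",")
    if not any(u.strip().lower().startswith("mailto:") for u in uris):
        findings.append("No rua= aggregate reporting address")
    if rec["pct"] != "100":
        findings.append(f"pct={rec['pct']}: policy covers only part of failing mail")
    return rec, findings

# Constructed sample input: the page's starter record and a weaker variant.
SAMPLES = [
    ["v=spf1 -all", "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"],
    ["v=DMARC1; p=reject; sp=none; pct=50"],
]

if __name__ == "__main__":
    for txts in SAMPLES:
        print(audit_dmarc(txts)[1])
```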
