Free DMARC Record Checker & Policy Validator
Check your DMARC record instantly. Validate DMARC policy (p=none/quarantine/reject), test SPF/DKIM alignment, verify RUA/RUF reporting addresses, and prevent email spoofing. Free DMARC analyzer for email authentication.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that helps protect your domain from email spoofing and phishing attacks.
Authentication
Builds on SPF and DKIM to verify email authenticity
Policy Control
Set actions for emails that fail authentication
Reporting
Get detailed reports on email authentication results
Alignment
Ensure SPF and DKIM align with your domain
Live DMARC Lookup
DMARC Record Found
Policy Analysis
Enter a domain above to check its DMARC record
Policy Strength Meter
Understanding DMARC policy levels and their security implications.
p=none
Monitor mode - no action taken on failed emails
p=quarantine
Failed emails sent to spam/junk folder
p=reject
Failed emails are rejected and not delivered
Common DMARC Fixes
Ready-to-implement solutions for common DMARC issues.
Missing DMARC Record
Add this TXT record to _dmarc.yourdomain.com:
Upgrade Policy Strength
Gradually increase protection:
Add Reporting Addresses
Enable aggregate and forensic reports:
Copy-Ready DMARC Record
Generate a DMARC record tailored to your needs
Configuration Options
Generated Record
Related Email Security Tools
Complete your email authentication setup with these tools.
Run a Full Email Security Audit
Check DMARC, SPF, DKIM, MTA-STS, and more in one comprehensive scan
Frequently Asked Questions
Common questions about DMARC implementation and management.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that builds on SPF and DKIM to prevent email spoofing and phishing attacks. It allows domain owners to specify how email receivers should handle messages that fail authentication checks.
Should I use p=reject?
Start with p=none to monitor your email authentication without affecting delivery. After analyzing reports and ensuring legitimate emails pass authentication, gradually move to p=quarantine, then p=reject. This phased approach prevents blocking legitimate emails.
How to add rua/ruf reporting addresses?
Add rua=mailto:dmarc@yourdomain.com for aggregate reports and ruf=mailto:dmarc@yourdomain.com for forensic reports to your DMARC record. Make sure the email addresses exist and can receive reports. Aggregate reports provide summary data, while forensic reports contain detailed failure information.
How long does DMARC take to work?
DMARC records typically propagate within a few hours, but it can take up to 48 hours for full DNS propagation. Email providers may cache DNS records, so you might not see immediate effects. Start receiving DMARC reports within 24-48 hours of implementation.
What's the difference between strict and relaxed alignment?
Relaxed alignment (default) allows subdomains to pass authentication for the parent domain. Strict alignment requires exact domain matches. Use aspf=s for strict SPF alignment and adkim=s for strict DKIM alignment in your DMARC record if you need tighter security.