Free DMARC Record Checker
Validate your DMARC policy, check alignment settings, verify reporting configuration, and detect duplicate records or missing authorization.
Check Your DMARC Record
Enter your domain to analyze your DMARC configuration and get actionable insights.
What is a DMARC Record?
A DMARC (Domain-based Message Authentication, Reporting & Conformance) record is a DNS entry that instructs receiving mail servers on how to handle emails that don't pass SPF or DKIM authentication checks. Think of it as a digital bouncer — ensuring only legitimate emails make it to your recipients' inboxes.
Without a DMARC record, anyone could impersonate your domain and send malicious emails. DMARC ties together SPF and DKIM into a unified policy, giving you control over what happens when authentication fails and providing visibility through aggregate and forensic reports.
Components of a DMARC Record
Version
Always v=DMARC1
Identifies this as a DMARC record.
Policy (p=)
none | quarantine | reject
How to handle emails that fail authentication.
Subdomain Policy (sp=)
Separate policy for subdomains
Optionally apply different rules to subdomains.
Aggregate Reports (rua=)
mailto:reports@example.com
Where to send summary authentication reports.
Forensic Reports (ruf=)
mailto:failures@example.com
Where to send detailed failure reports.
Alignment (adkim/aspf)
s (strict) | r (relaxed)
How strictly DKIM/SPF domains must match the From header.
Example DMARC record:
v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; ruf=mailto:dmarc-failures@example.com; adkim=s; aspf=s; Creating Your DMARC Record
Ensure SPF and DKIM are configured
DMARC builds on SPF and DKIM. Before creating a DMARC record, verify that both are properly set up for your domain. Use our free SPF checker to validate your SPF record.
Choose a policy
Start with p=none to monitor email traffic without affecting delivery. Once you're confident, move to quarantine or reject for full enforcement.
Define reporting addresses
Set up aggregate (rua) and forensic (ruf) report destinations to gain visibility into your email authentication landscape.
Specify alignment and publish
Choose strict or relaxed alignment for SPF and DKIM. Then add the record as a TXT entry at _dmarc.yourdomain.com in your DNS.
Verify and monitor
Use a DMARC testing tool to confirm your record is published correctly. Regularly review reports and adjust your policy as you gain confidence in your authentication setup.
Why Monitor Your DMARC Configuration?
Catch Unauthorized Senders
Regular DMARC checks reveal who is sending email from your domain — including senders you didn't authorize.
Track Policy Enforcement
Verify your DMARC policy is active and correctly enforcing authentication across all receiving mail servers.
Detect Misconfigurations
Spot duplicate records, missing report destinations, incorrect alignment modes, and other common setup mistakes before they affect delivery.
Validate After DNS Changes
Any DNS update can accidentally break your DMARC record. Run a check after every change to confirm your authentication is intact.
Frequently Asked Questions
How do I check my DMARC record?
Enter your domain name in the checker tool above and click "Check DMARC Record." The tool queries the DNS TXT record at _dmarc.yourdomain.com, parses every tag, and validates the record against RFC 7489. Results appear in seconds.
What does p=none mean — am I protected?
p=none means your DMARC policy is in monitoring mode. Receiving mail servers will send you reports about authentication results, but they will not take action on messages that fail. Your domain is not yet protected from spoofing — you need to move to p=quarantine or p=reject for enforcement.
What is the difference between p=quarantine and p=reject?
p=quarantine routes failing messages to the spam or junk folder — recipients can still find them. p=reject blocks failing messages entirely at the SMTP level — recipients never see them. Reject provides the strongest protection against domain spoofing.
How long does it take for a DMARC record to propagate?
DNS changes typically propagate within 5 to 60 minutes, depending on your DNS provider and the TTL (Time To Live) value set on the record. Some resolvers may cache the old record for up to 24 hours.
What should I do if I have no DMARC record?
Start by publishing a DMARC record with p=none and a rua= address to receive aggregate reports. Use our free DMARC Record Generator to create the correct syntax, then add it as a TXT record at _dmarc.yourdomain.com in your DNS provider.
Why does my DMARC check show warnings even though I have a record?
Common warnings include: missing rua= address (no reports will be sent), relaxed alignment when strict would be safer, pct= set below 100 (not all failing mail is covered), or duplicate DMARC records which can cause unpredictable behavior.
How do I read DMARC aggregate reports?
Aggregate reports are XML files sent daily by receiving mail servers. They contain authentication results for every message claiming to be from your domain. DMARC Report automatically parses these XML files into visual dashboards showing pass/fail rates, sending sources, and alignment status.
Take control of your DMARC compliance
Free plan includes 1 domain and 10,000 monthly reports — no credit card required. See who sends email from your domain.
Start Free — No Credit CardTrusted by Security Teams
Rated 4.8/5 on G2 · 469 verified reviews
Zunaid K.
Director
"Essential tool for email delivery"
This tool helps us to implement DMARC reporting for our domains in an easy to use manner.
Verified User in Information Technology and Services
"Best security tool for your own domains"
The weekly reports help me a lot to analyze quickly the emails sent from my domains and that gives me peace of mind.
Larry H.
Research & Development Manager
"Good tool to buy"
I have used many tools for monitoring DMARC reports. But DMARC Report is a good tool to use. It helps avoid sending emails to spam.