DMARC Checker
Check your domain's DMARC record in seconds with our free lookup tool. We'll fetch your DMARC policy, break down each tag with clear explanations, and run comprehensive compliance tests to ensure your configuration properly protects against email spoofing and unauthorized use of your domain. Whether you're validating an existing record or troubleshooting authentication problems, our DMARC inspector provides actionable insights with full JSON output for easy integration into your monitoring systems or automation workflows.
FAQs
What is DMARC and why is it important?
DMARC (Domain-based Message Authentication, Reporting and Conformance) is a DNS-based email security protocol that protects your domain from being used in phishing or spoofing attacks. It tells email providers what to do when messages fail SPF or DKIM checks and sends you reports about these authentication attempts. Without DMARC, if attackers impersonate your domain and send fake emails to customers or employees, you will have no visibility into these unauthorized attempts.
How do I create a DMARC record?
A DMARC record is a TXT record in your DNS settings with the name `_dmarc` and a value like:
`v=DMARC1; p=quarantine; sp=reject; pct=100; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1; adkim=r; aspf=r`
This tells receiving servers how to treat unauthorized mail, where to send reports, and how strictly to enforce alignment checks.
What's the difference between SPF, DKIM, and DMARC?
Think of them as layers of email security that work together:
- SPF (Sender Policy Framework): Checks whether an email was sent from a server or IP address authorized by the domain owner.
- DKIM (DomainKeys Identified Mail): Adds a cryptographic signature to each email, allowing the receiver to verify that the message hasn't been altered and truly comes from the claimed domain.
- DMARC: Ties them together by telling receiving mail servers what to do when these checks fail and sends you reports about authentication attempts.
You need all three working together for complete email protection.
What happens if I don't have a DMARC record?
Without DMARC, anyone can send emails pretending to be from your domain, and there's nothing instructing receivers on how to handle them. You won't get any reports about unauthorized use of your domain either. Many email providers now enforce DMARC policies, so domains without proper records may see their legitimate emails flagged or rejected.
What DMARC policy should I use?
Start with `p=none` to monitor without blocking anything. This lets you receive reports showing which email sources are passing or failing authentication, helping you spot any legitimate senders that aren't properly configured. After reviewing reports for a week or two, switch to `p=quarantine` to send suspicious emails to spam folders. Once you're confident all legitimate sources are authenticated correctly, move to `p=reject` for maximum protection. This gradual approach prevents accidentally blocking your own legitimate emails.
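A minimal version of the tag breakdown and policy checks described in the record-creation and policy answers above, as an added example (not this tool's own code). Tag defaults follow RFC 7489; the `example.com` addresses, the sample records and the finding messages are constructed for illustration.

```python
import json

POLICIES = {"none", "quarantine", "reject"}
DEFAULTS = {"pct": "100", "adkim": "r", "aspf": "r", "fo": "0"}  # RFC 7489 defaults


def parse_dmarc(txt):
    """Split a DMARC TXT value into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate the optional trailing ';'
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def check_dmarc(txt):
    """Return the effective tags plus a list of findings for one record."""
    pairs = parse_dmarc(txt)
    findings = []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        findings.append("error: record must begin with v=DMARC1")
    tags = {**DEFAULTS, **dict(pairs)}
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        findings.append("error: p must be none, quarantine or reject")
    elif policy == "none":
        findings.append("warn: p=none only monitors, failing mail is still delivered")
    tags.setdefault("sp", policy)  # subdomains inherit p when sp is absent
    if not (tags["pct"].isdecimal() and int(tags["pct"]) <= 100):
        findings.append("error: pct must be an integer from 0 to 100")
    elif int(tags["pct"]) < 100:
        findings.append(f"warn: policy applies to only {tags['pct']}% of failing mail")
    if "rua" not in tags:
        findings.append("warn: no rua address, so no aggregate reports")
    return {"tags": tags, "findings": findings}


# Constructed sample records (example.com addresses are placeholders).
SAMPLES = [
    "v=DMARC1; p=quarantine; sp=reject; pct=100; rua=mailto:dmarc@example.com; adkim=r; aspf=r",
    "v=DMARC1; p=none",
    "v=DMARC1; p=reject; pct=25; rua=mailto:dmarc@example.com;",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(json.dumps(check_dmarc(record), indent=2))
```

The second sample is the monitoring-only starting point and draws two warnings; the third shows a `p=reject` record that still exempts most failing mail because of `pct=25`.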