Skip to main content

Free DMARC Record Checker

Instantly validate your DMARC record configuration. Check policy enforcement, alignment settings, and reporting addresses — identify issues before they affect email deliverability.

Try the Full APIView Documentation

Free to use — no signup required. Rate limited to 5 requests per minute.

How to Check Your DMARC Record

Follow these steps to validate your domain's DMARC configuration and ensure email authentication is working correctly.

  1. 1

    Enter your domain

    Type your domain name (e.g., example.com) into the checker above. Do not include https:// or www — just the root domain.

  2. 2

    Run the check

    Click "Check DMARC" to query your domain's _dmarc TXT record and analyze the policy configuration.

  3. 3

    Review the policy

    Check that your DMARC policy (p=) is set to "quarantine" or "reject" for full protection. A policy of "none" only monitors — it doesn't block spoofing.

  4. 4

    Verify reporting

    Confirm that rua= (aggregate reports) and ruf= (forensic reports) addresses are configured so you receive authentication failure data.

  5. 5

    Check alignment

    Ensure SPF and DKIM alignment modes (aspf= and adkim=) match your sending infrastructure. Strict alignment (s) offers better protection but requires exact domain matches.

What Is DMARC and Why Does It Matter?

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It builds on two existing email authentication standards — SPF and DKIM — by adding a policy layer that tells receiving mail servers what to do when authentication fails.

Without DMARC, a spammer can send emails that appear to come from your domain, and the receiving server has no guidance on whether to deliver, quarantine, or reject those messages. DMARC closes this gap by publishing a policy in your DNS that explicitly defines how failures should be handled.

Since February 2024, Google and Yahoo require DMARC records for domains sending more than 5,000 emails per day. Microsoft followed with similar requirements. Not having DMARC now directly impacts your email deliverability.

Understanding DMARC Record Syntax

A DMARC record is a DNS TXT record published at _dmarc.yourdomain.com. Here's what each tag means:

• v=DMARC1 — Version identifier (required, must be first) • p=none|quarantine|reject — Policy for the domain (required) • sp= — Policy for subdomains (optional, inherits from p= if absent) • rua= — Aggregate report recipients (mailto: URIs) • ruf= — Forensic report recipients (mailto: URIs) • adkim=r|s — DKIM alignment mode (relaxed or strict) • aspf=r|s — SPF alignment mode (relaxed or strict) • pct= — Percentage of messages subject to policy (1-100) • fo= — Forensic report options (0, 1, d, s) • ri= — Aggregate report interval in seconds (default 86400)

DMARC Deployment Best Practices

Rolling out DMARC safely requires a phased approach:

1. Start with p=none — This monitoring-only mode lets you collect reports without affecting email delivery. Publish: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

2. Analyze reports — Use aggregate reports to identify all legitimate email sources (marketing platforms, CRM, transactional services). Ensure each source passes SPF or DKIM.

3. Move to quarantine — Once legitimate sources are authenticated, set p=quarantine with a low pct= value (e.g., pct=10) to gradually route failing emails to spam.

4. Enforce with reject — After confirming no legitimate email is affected, set p=reject to block all unauthenticated email. This is the strongest protection against domain spoofing.

5. Monitor continuously — Keep rua= reports active. New email services or infrastructure changes can break authentication. Regular monitoring catches issues before they affect deliverability.

Frequently Asked Questions

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a DNS TXT record that tells email receivers how to handle messages that fail SPF or DKIM authentication. It protects your domain from being used in phishing and spoofing attacks.

Related Free Tools

Free SPF Record Lookup

Validate your SPF record configuration instantly. Check DNS lookup count against the 10-lookup limit, analyze mechanisms, and verify that your sending infrastructure is properly authorized.

Free DNS Propagation Checker

Check if your DNS changes have propagated to resolvers worldwide. Query Google, Cloudflare, OpenDNS, and more to verify DNS consistency before announcing deployments.

Need More Than a Free Check?

Get programmatic access to 100+ domain intelligence endpoints. Automate monitoring, integrate with CI/CD, and build custom workflows.

Get Free API KeyExplore All Endpoints

Free tier includes 200 requests/month