DMARC Record Checker
Enter any domain to look up its DMARC record. We parse every tag and explain your policy, reporting, and alignment settings.
How DMARC Works
DMARC sits on top of SPF and DKIM, adding two critical capabilities: a policy that tells receivers what to do with unauthenticated email, and a reporting mechanism that shows you who is sending as your domain.
When a receiving server gets an email, it checks SPF and DKIM. Then it checks your DMARC record to see if the results align with your From domain. If authentication fails, the server applies your DMARC policy — none (just report), quarantine (send to spam), or reject (block entirely).
The reporting addresses (rua for aggregate, ruf for forensic) receive XML reports from ISPs showing all email activity for your domain. These reports are essential for identifying unauthorized senders and safely tightening your policy.
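The tag parsing and policy review described above can be sketched as follows. This is an added example, not the checker's own code; the function names, the wording of the findings and the sample record are assumptions made for illustration, while the tag names and their defaults follow RFC 7489.

```python
# Added example, not this tool's code. Tag names and defaults follow RFC 7489.
POLICIES = {"none", "quarantine", "reject"}

# Constructed sample record (example.com addresses are placeholders).
SAMPLE = "v=DMARC1; p=quarantine; sp=none; pct=50; ruf=mailto:forensic@example.com"


def parse_dmarc(txt):
    """Parse a raw DMARC TXT value into a dict with defaults filled in."""
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue  # tolerate a trailing ';' or empty segment
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    # The version tag must come first and is case-sensitive.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        raise ValueError("missing or invalid p= tag")
    tags["p"] = policy
    tags["sp"] = tags.get("sp", policy).lower()   # subdomains inherit p
    tags["pct"] = int(tags.get("pct", "100"))     # default: all failing mail
    tags.setdefault("adkim", "r")                 # relaxed alignment by default
    tags.setdefault("aspf", "r")
    return tags


def review(tags):
    """Return findings for settings that weaken enforcement or visibility."""
    findings = []
    if tags["p"] == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    elif tags["pct"] < 100:
        findings.append(f"policy applies to only {tags['pct']}% of failing mail")
    if tags["p"] != "none" and tags["sp"] == "none":
        findings.append("sp=none leaves subdomains at monitoring only")
    if "rua" not in tags:
        findings.append("no rua address, so no aggregate reports arrive")
    return findings


if __name__ == "__main__":
    for line in review(parse_dmarc(SAMPLE)):
        print("-", line)
```

The input is the TXT value published at _dmarc.<domain>; fetching it over DNS is left out so the example runs offline.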
Need to create a DMARC record?
Our DMARC Generator builds a valid record with your preferred policy and reporting addresses.
Frequently Asked Questions
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that builds on SPF and DKIM. It tells receiving servers what to do when an email fails authentication — monitor it, quarantine it to spam, or reject it outright. It also provides a reporting mechanism so you can see who is sending email as your domain.
What DMARC policy should I use?
Start with p=none (monitoring only) to collect reports without affecting delivery. After 2-4 weeks of reviewing reports and confirming all legitimate senders pass authentication, move to p=quarantine (spam folder for failures). Once confident, upgrade to p=reject for maximum protection. Gmail and Yahoo require at least p=none for bulk senders.
What are DMARC aggregate reports?
Aggregate reports (sent to the rua= address) are XML files that ISPs send daily showing who sent email as your domain, whether it passed SPF/DKIM, and what policy was applied. Use a DMARC report analyzer service to parse these — they are machine-readable, not human-friendly. These reports are essential for safely moving from p=none to p=reject.
What is DMARC alignment?
Alignment means the domain in the From header must match the domain that passed SPF or DKIM. Strict alignment (aspf=s, adkim=s) requires an exact domain match. Relaxed alignment (aspf=r, adkim=r, the default) allows subdomains to match the organizational domain.
Do I need DMARC if I have SPF and DKIM?
Yes. SPF and DKIM alone do not tell receiving servers what to do with failures — they just report pass or fail. DMARC adds the policy layer (none/quarantine/reject) and the reporting mechanism. Without DMARC, a failing SPF check might still land in the inbox depending on the receiver. With DMARC at p=reject, it will be blocked.