DMARC Checker – Validate DMARC Record & Policy Online
Check and validate your DMARC record (Domain-based Message Authentication, Reporting & Conformance). Analyze policy (none, quarantine, reject), alignment, reporting addresses (rua, ruf), and enforcement level. Ensure SPF and DKIM are correctly configured for full email authentication.
Enter your input above and click "Check" to see results.
What Is DMARC?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a DNS-based policy that tells receiving mail servers how to handle messages that fail SPF or DKIM checks. You publish a TXT record at _dmarc.yourdomain.com with a policy (p=none, p=quarantine, or p=reject), alignment settings (adkim, aspf), and optional reporting addresses (rua, ruf). Receivers use this to reduce spoofing and report authentication results. p=none means monitor only; p=quarantine means treat failures as suspicious (e.g. spam folder); p=reject means reject failing messages. Alignment (strict vs relaxed) controls how closely the From domain must match the SPF/DKIM domain—strict is stronger but can break forwarding; relaxed is the usual choice.
Why DMARC Is Important for Email Deliverability
Gmail, Yahoo, Outlook, and other major providers increasingly enforce or recommend DMARC. A proper DMARC policy helps prevent spoofing of your domain, protects your brand reputation, and improves inbox placement by signaling that you take authentication seriously. Without DMARC, receivers have no clear instruction on what to do with messages that fail SPF or DKIM, so spoofed mail can still be delivered. Use our DMARC Checker to validate your record, then pair it with the SPF Checker and DKIM Checker for full email authentication.
How to Check a DMARC Record
- Enter your domain in the DMARC checker above (e.g.
yourdomain.com). - Click Check. The tool looks up the TXT record at
_dmarc.yourdomain.comand parses policy, alignment, and reporting. - Review the DMARC Analysis: policy (p=), subdomain policy (sp=), alignment (adkim, aspf), reporting (rua/ruf), and enforcement level.
- Adjust DNS if needed—for example add
rua=mailto:dmarc@yourdomain.comfor reports, or move fromp=nonetop=quarantinethenp=reject. Use DNS Lookup to inspect_dmarc.yourdomain.comTXT directly.
Common DMARC Issues
- No DMARC record — Publish a TXT at
_dmarc.yourdomain.comstarting withv=DMARC1; p=none;then add rua for reports. - p=none (not enforced) — Monitoring only; move to p=quarantine or p=reject once you have verified reports and legitimate mail passes.
- Missing rua reporting — Add
rua=mailto:you@yourdomain.comto receive aggregate reports and fix misconfigurations. - SPF/DKIM misalignment — Ensure SPF and DKIM are set up and that the From domain aligns (relaxed or strict) with the authenticated domain; otherwise DMARC can fail.
- Multiple DMARC records — Only one TXT record starting with v=DMARC1 should exist for
_dmarc; multiple records cause undefined behavior.
Use the SPF Checker, DKIM Checker, and DNS Lookup together to validate SPF, DKIM, and DMARC and keep your email authentication in good shape.
DMARC Checker FAQ
What is a DMARC record?
A DMARC record is a DNS TXT record published at _dmarc.yourdomain.com that tells receiving mail servers how to handle messages that fail SPF or DKIM. It includes the policy (p=none, quarantine, or reject), optional subdomain policy (sp=), alignment mode (adkim, aspf), and reporting addresses (rua for aggregate reports, ruf for forensic reports). Receivers use it to reduce spoofing and to send you reports. Use a DMARC Checker or DNS Lookup to validate your record.
What does p=reject mean?
p=reject means the domain owner instructs receiving servers to reject messages that fail DMARC (i.e. that fail both SPF and DKIM alignment checks). It is the strongest policy and gives full protection against spoofing. Move to p=reject only after you have verified that legitimate mail passes (e.g. after running in p=none or p=quarantine and reviewing rua reports).
Should I use quarantine or reject?
Use p=quarantine to treat failing messages as suspicious (e.g. spam folder) while you monitor; use p=reject for full enforcement once you are confident no legitimate mail will fail. Reject is recommended for maximum protection; quarantine is a safer step before going to reject if you are still tuning SPF/DKIM.
How long does DMARC propagation take?
DNS changes typically propagate within minutes to 48 hours depending on TTL and resolvers. After you add or update the TXT record at _dmarc.yourdomain.com, use a DMARC Checker or DNS Lookup to confirm the record is visible. If you don’t see it yet, wait for propagation or check that the record was published correctly.
How do SPF and DKIM affect DMARC?
DMARC only applies when a message fails both SPF and DKIM (or fails alignment). So for DMARC to “pass,” either SPF or DKIM must pass and align with the From domain. If both fail or don’t align, the receiver applies your DMARC policy (none, quarantine, or reject). Use our SPF Checker and DKIM Checker to ensure SPF and DKIM are correct, then set DMARC to p=quarantine or p=reject for full protection.