
Free DMARC Record Checker

Validate your DMARC policy, check alignment settings, verify reporting configuration, and detect duplicate records or missing authorization.

Up to 90% of security breaches start with phishing emails
Built by the Phish Protection team | Validated against RFC 7489 | Last verified: April 2026

Check Your DMARC Record

Enter your domain to analyze your DMARC configuration and get actionable insights.

Need ongoing DMARC monitoring?

DMARC Report turns raw XML aggregate reports into actionable dashboards. Track authentication results across all your domains, identify unauthorized senders, and move toward full DMARC enforcement.


What is a DMARC Record?

A DMARC (Domain-based Message Authentication, Reporting & Conformance) record is a DNS TXT entry that tells receiving mail servers how to handle emails that fail authentication, meaning neither SPF nor DKIM produced a pass aligned with the domain in the From header. Think of it as a digital bouncer, ensuring only legitimate emails make it to your recipients' inboxes.

Without a DMARC record, anyone could impersonate your domain and send malicious emails. DMARC ties together SPF and DKIM into a unified policy, giving you control over what happens when authentication fails and providing visibility through aggregate and forensic reports.

Components of a DMARC Record

Version: Always v=DMARC1. Identifies this as a DMARC record.

Policy (p=): none | quarantine | reject. How to handle emails that fail authentication.

Subdomain Policy (sp=): Separate policy for subdomains. Optionally apply different rules to subdomains.

Aggregate Reports (rua=): mailto:reports@example.com. Where to send summary authentication reports.

Forensic Reports (ruf=): mailto:failures@example.com. Where to send detailed failure reports.

Alignment (adkim/aspf): s (strict) | r (relaxed). How strictly DKIM/SPF domains must match the From header.

Example DMARC record:

v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; ruf=mailto:dmarc-failures@example.com; adkim=s; aspf=s;

Why Monitor Your DMARC Configuration?

Catch Unauthorized Senders

Regular DMARC checks reveal who is sending email from your domain — including senders you didn't authorize.

Track Policy Enforcement

Verify your DMARC policy is active and correctly enforcing authentication across all receiving mail servers.

Detect Misconfigurations

Spot duplicate records, missing report destinations, incorrect alignment modes, and other common setup mistakes before they affect delivery.

Validate After DNS Changes

Any DNS update can accidentally break your DMARC record. Run a check after every change to confirm your authentication is intact.

Frequently Asked Questions

How do I check my DMARC record?

Enter your domain name in the checker tool above and click "Check DMARC Record." The tool queries the DNS TXT record at _dmarc.yourdomain.com, parses every tag, and validates the record against RFC 7489. Results appear in seconds.

What does p=none mean — am I protected?

p=none means your DMARC policy is in monitoring mode. Receiving mail servers will send you reports about authentication results, but they will not take action on messages that fail. Your domain is not yet protected from spoofing — you need to move to p=quarantine or p=reject for enforcement.

What is the difference between p=quarantine and p=reject?

p=quarantine routes failing messages to the spam or junk folder — recipients can still find them. p=reject blocks failing messages entirely at the SMTP level — recipients never see them. Reject provides the strongest protection against domain spoofing.

How long does it take for a DMARC record to propagate?

DNS changes typically propagate within 5 to 60 minutes, depending on your DNS provider and the TTL (Time To Live) value set on the record. Some resolvers may cache the old record for up to 24 hours.

What should I do if I have no DMARC record?

Start by publishing a DMARC record with p=none and a rua= address to receive aggregate reports. Add it as a TXT record at _dmarc.yourdomain.com in your DNS provider. For ongoing monitoring, DMARC Report (dmarcreport.com) automatically parses the XML reports into visual dashboards.

Why does my DMARC check show warnings even though I have a record?

Common warnings include: missing rua= address (no reports will be sent), relaxed alignment when strict would be safer, pct= set below 100 (not all failing mail is covered), or duplicate DMARC records which can cause unpredictable behavior.
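The warnings listed above can be reproduced with a small validator. This is an added example, not the checker tool's own code; the function names are hypothetical, and it assumes the TXT strings at _dmarc.yourdomain.com have already been fetched from DNS.

```python
import re

POLICIES = {"none", "quarantine", "reject"}

def parse_tags(record):
    """Split a DMARC TXT string into a tag -> value dict (first occurrence wins)."""
    tags = {}
    for part in filter(None, (p.strip() for p in record.split(";"))):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags.setdefault(name.strip().lower(), value.strip())
    return tags

def check_dmarc(txt_records):
    """Return (tags, findings) for the TXT strings published at _dmarc.<domain>."""
    # Only strings that begin with v=DMARC1 count as DMARC records.
    dmarc = [r for r in txt_records if re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", r)]
    if not dmarc:
        return None, ["no DMARC record"]
    if len(dmarc) > 1:
        # RFC 7489 section 6.6.3: discovery stops when more than one record remains.
        return None, ["duplicate DMARC records"]
    tags, findings = parse_tags(dmarc[0]), []
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        findings.append(f"missing or invalid p= ({policy!r})")
    elif policy == "none":
        findings.append("p=none: monitoring only, no enforcement")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports will be sent")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if not pct.isdecimal() or int(pct) > 100:
        findings.append(f"invalid pct= ({pct!r})")
    elif int(pct) < 100:
        findings.append(f"pct={pct}: not all failing mail is covered")
    for tag in ("adkim", "aspf"):  # both default to relaxed ("r")
        if tags.get(tag, "r").lower() != "s":
            findings.append(f"{tag} is relaxed; strict would be safer")
    return tags, findings

# Constructed sample inputs; the first is the example record shown on this page.
SAMPLES = {
    "page example": ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; "
                     "ruf=mailto:dmarc-failures@example.com; adkim=s; aspf=s;"],
    "monitoring": ["v=spf1 -all", "v=DMARC1; p=none; pct=50"],
    "duplicates": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, "->", check_dmarc(records)[1])
```

The page's example record yields no findings, while the constructed monitoring record trips every warning except the duplicate check.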

How does DMARC help prevent phishing?

DMARC prevents attackers from spoofing your domain in phishing emails. When set to p=reject, receiving servers will block messages that fail SPF and DKIM alignment — meaning fraudulent emails claiming to be from your domain never reach the recipient's inbox.

Stop phishing before it reaches your inbox

Phish Protection blocks phishing, ransomware, and BEC attacks in real time. 60-day free trial — no credit card required.
