DMARC Record Checker
Enter a domain to check its DMARC record. See the policy, reporting URIs, and alignment configuration.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds on SPF and DKIM. It tells receiving mail servers what to do when an email fails authentication — reject it, quarantine it, or let it through.
DMARC Policy Levels
p=none Monitoring only. No action taken on failing emails. Good for initial setup.
p=quarantine Failing emails are sent to spam/junk. Intermediate enforcement.
p=reject Failing emails are rejected entirely. Strongest protection against spoofing.
Key DMARC Tags
| Tag | Description | Example |
|---|---|---|
| v | Protocol version (always DMARC1) | v=DMARC1 |
| p | Policy for the domain | p=reject |
| rua | Where to send aggregate reports | rua=mailto:[email protected] |
| ruf | Where to send forensic reports | ruf=mailto:[email protected] |
| sp | Policy for subdomains | sp=reject |
| adkim | DKIM alignment mode (strict or relaxed) | adkim=s |
| aspf | SPF alignment mode (strict or relaxed) | aspf=r |
Why DMARC Matters
Since November 2025, Google requires DMARC records for bulk senders. Microsoft followed in May 2025. Without a valid DMARC record, your emails may be rejected or flagged as spam by major providers.
DMARC protects your domain from being spoofed in phishing attacks. With p=reject, receiving servers will block unauthorized emails claiming to come from your domain.