DMARC Record Checker — Verify Your Domain's Email Authentication Policy

What Is a DMARC Record and Why Does It Matter?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol published as a DNS TXT record at _dmarc.yourdomain.com. It instructs receiving mail servers how to handle messages that fail SPF or DKIM authentication checks — either monitor them (none), send them to spam (quarantine), or block them entirely (reject). Without a properly configured DMARC record, attackers can send emails that appear to come from your domain, putting your customers, partners, and brand reputation at risk. Phishing remains the number one attack vector in cybersecurity, and domain spoofing is at the heart of most phishing campaigns.

What Does This Tool Check?

Our free DMARC Record Checker performs an instant DNS lookup on the domain you provide and parses the complete DMARC TXT record. It validates every tag in the record — policy (p), subdomain policy (sp), alignment modes (aspf, adkim), percentage (pct), reporting URIs (rua, ruf), and failure reporting options (fo). The tool flags common misconfigurations including: records with syntax errors that silently fail, policies stuck at 'none' without progression toward enforcement, reporting URIs pointing to external domains that lack DNS authorization (missing the corresponding report.dmarc TXT record), invalid percentage values, and conflicting subdomain policies. Each issue is categorized by severity with a plain-language recommendation for how to fix it.

Who Should Use This Tool?

Domain administrators deploying DMARC for the first time should run this checker before and after publishing their record to confirm it resolves correctly. MSPs and IT consultants can use it to audit client domains during onboarding or periodic security reviews. Security professionals conducting due diligence on vendor or partner domains can quickly assess their email authentication posture. Marketing teams concerned about email deliverability can verify that DMARC is not causing legitimate campaign emails to be quarantined or rejected. Any organization subject to compliance frameworks that mandate DMARC — including PCI DSS 4.0, NIST 800-177, and Google/Yahoo sender requirements — should check their records regularly.

How to Read Your DMARC Checker Results

After the lookup, the tool displays your raw DMARC record and a parsed breakdown of each tag. A green status indicates the tag is correctly configured. Yellow flags indicate suboptimal settings that could be improved, such as using relaxed alignment when strict would be more secure. Red flags indicate errors that need immediate attention, such as a missing policy tag or an unreachable reporting address. The overall result summary tells you whether your domain is in monitoring mode (p=none), partially enforced (p=quarantine), or fully enforced (p=reject). For domains still at p=none, we recommend analyzing your aggregate reports to identify all legitimate senders, then progressing toward quarantine and ultimately reject.

Tag Reference

The following tags/parameters are checked or generated by this tool: