DMARC Record Checker — Verify Your Domain's Email Authentication Policy
Instant DMARC lookup to verify your domain email authentication policy and identify security gaps.
Frequently Asked Questions
What is a DMARC record?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that helps protect your domain from unauthorized use. A DMARC record is a DNS TXT entry published at _dmarc.yourdomain.com that tells receiving email servers how to handle messages failing SPF or DKIM checks. It also specifies where to send authentication reports.
Why do I need DMARC lookup?
A DMARC lookup helps you verify that your DMARC record is correctly published in your DNS and is valid. A DMARC lookup verifies that your record is published correctly in DNS, has valid syntax, and does not contain misconfigurations that could leave your domain unprotected or cause legitimate email delivery issues.
Does DMARC replace SPF and DKIM?
No. DMARC builds on top of SPF and DKIM. It uses the results of both protocols to make enforcement decisions. You need at least one of SPF or DKIM to pass and align for DMARC to pass.
What is the difference between p=none, p=quarantine, and p=reject?
p=none only monitors — no action is taken on failing email. p=quarantine directs receivers to treat failing messages as suspicious (typically sending them to spam). p=reject instructs receivers to block failing messages entirely.
How often should I check my DMARC record?
Check your DMARC record after any DNS change, email infrastructure migration, or provider onboarding. For ongoing assurance, use SimpleDMARC's managed platform for continuous real-time monitoring.
What does 'external destination verification' mean?
If your rua or ruf reporting address is on a different domain than the one being protected, the receiving domain must publish a DNS TXT record authorizing it (e.g., yourdomain.com._report._dmarc.reportingdomain.com). Without this, reports will not be delivered.
Can I have multiple DMARC records on one domain?
No. A domain must have exactly one DMARC record. Multiple records cause parsing errors and may result in the DMARC policy being ignored entirely by receiving servers.
What is DMARC alignment?
Alignment means the domain in the From header matches the domain authenticated by SPF (envelope sender) or DKIM (d= domain). Strict alignment requires an exact match; relaxed alignment allows organizational domain matches (e.g., sub.example.com aligns with example.com).