DMARC Record Checker
Validate your DMARC policy and get actionable recommendations. All checks run in your browser -- nothing is sent to our servers.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol defined in RFC 7489. It builds on SPF and DKIM by adding a policy layer: domain owners publish a DNS TXT record at _dmarc.example.com that tells receiving mail servers what to do when a message fails both SPF and DKIM alignment checks.
DMARC also provides a reporting mechanism so domain owners can see who is sending email on their behalf and whether those messages pass authentication. Aggregate reports (sent to the rua address) provide daily summaries, while forensic reports (sent to the ruf address) provide per-message failure details.
The three DMARC policy levels are none (monitoring only), quarantine (deliver to spam), and reject (refuse delivery). Organizations typically start with p=none to gather data, then gradually tighten to quarantine and finally reject as they confirm all legitimate senders pass authentication.
Key DMARC Tags
| Tag | Required | Description |
|---|---|---|
v | Yes | Version. Must be DMARC1 and must be the first tag. |
p | Yes | Domain policy: none, quarantine, or reject. |
rua | No | Aggregate report URI(s) for daily XML reports. |
ruf | No | Forensic report URI(s) for per-message failure reports. |
sp | No | Subdomain policy. Inherits from p if absent. |
pct | No | Percentage of failing messages the policy applies to (0-100). |
adkim | No | DKIM alignment: r (relaxed) or s (strict). |
aspf | No | SPF alignment: r (relaxed) or s (strict). |
Read the complete DMARC guide to learn more.
Get the full picture with DMARCguard
Continuous monitoring, aggregate report parsing, and actionable insights for all your email authentication protocols.
Start Free