DMARC Record Checker
Validate your domain's DMARC record to protect against email fraud and improve deliverability.
What is a DMARC Record?
DMARC, which stands for "Domain-based Message Authentication, Reporting, and Conformance," is an email authentication protocol. A DMARC record is a TXT record published in your DNS that tells receiving mail servers what to do with emails that fail SPF and DKIM authentication checks.
It acts as a policy layer on top of SPF and DKIM, giving domain owners control over how unauthenticated mail is handled and providing valuable reports on email activity.
Why is DMARC Important?
A correct DMARC policy is your strongest defense against direct domain spoofing and phishing attacks. It protects your brand's reputation by preventing criminals from sending malicious emails that appear to come from you.
Key benefits include:
- Phishing Protection: DMARC prevents unauthorized use of your exact domain, stopping the most common type of brand impersonation in phishing attacks.
- Enhanced Deliverability: Major inbox providers like Gmail and Yahoo now require DMARC for bulk senders. A proper policy signals that you are a legitimate, trustworthy sender.
- Visibility and Control: DMARC reports (via the `rua` tag) give you detailed insight into who is sending email on behalf of your domain, allowing you to identify and authorize legitimate services.
How to Create and Fix a DMARC Record
A DMARC record is published as a TXT record at `_dmarc.yourdomain.com`. A basic record for monitoring looks like this:
v=DMARC1; p=none; rua=mailto:[email protected]
The policy (`p=`) can be set to `none` (monitor only), `quarantine` (send to spam), or `reject` (block). It's crucial to start with `p=none` to analyze reports before moving to a stricter enforcement policy.
Frequently Asked Questions
What are the DMARC policies: `none`, `quarantine`, and `reject`?
p=none: This is "monitor mode." It tells receivers to deliver mail normally, even if it fails DMARC, but to send reports to the address in your `rua` tag. Always start here.
p=quarantine: Tells receivers to treat failed mail with suspicion, usually by sending it to the spam folder.
p=reject: The strictest policy. It tells receivers to completely block any email that fails DMARC authentication.
What's the difference between the `rua` and `ruf` tags?
The `rua` tag specifies an email address to receive "aggregate reports," which are daily XML summaries of your email traffic. The `ruf` tag is for "forensic reports," which are immediate, redacted copies of individual emails that fail authentication. Most services rely on `rua` reports.
Do I need SPF and DKIM to use DMARC?
Yes. DMARC works by checking the results of SPF and DKIM. You must have at least one of them (and preferably both) correctly configured and passing authentication for DMARC to work effectively.
Disposable Checker
Use our free disposable checker to see if a specific email domain provides temporary email addresses.
Open Email Name Extractor
Extract first names, last names, and detect gender from any email address quickly and easily.
Open
Email Health Checker
Check DNS health of your email sending domain to ensure high email deliverability.
Open
Blacklist Checker
Check your email sending IP or domain against more than 100 real-time email blacklist servers.
Open
