Free DMARC Record Checker

Instantly verify DMARC record for any domain

Enter a domain name below to check its DMARC record and verify email authentication policy and reporting.

What is DMARC?Setup GuideRecord TagsAlignmentRollout StrategyBest PracticesFAQEmail Checker

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) helps protect your domain from spoofing by defining how receiving servers should handle unauthenticated emails.

Policy (p)

Specifies what to do with unauthenticated mail: none, quarantine, or reject.

Alignment (adkim/aspf)

Controls how strictly DKIM and SPF must align with the From domain: r (relaxed) or s (strict).

Reporting (rua/ruf)

Aggregate (rua) and forensic (ruf) report addresses where receivers send DMARC reports.

Why Check DMARC?

DMARC helps prevent email spoofing and improves deliverability by instructing receivers how to handle suspicious messages.

Improve Security

Protect your brand and users from phishing and spoofing attacks.

Gain Visibility

Get aggregate reports to understand who is sending on behalf of your domain.

Enforce Policy

Gradually move from none -> quarantine -> reject to enforce authenticated mail.

Boost Deliverability

Authenticated mail is more likely to reach the inbox and avoid spam filters.

Understanding DMARC Result Fields

Decode the fields returned by a DMARC record and learn how they impact your email authentication.
v

Version of the DMARC protocol (e.g., DMARC1).

p

Policy for the organizational domain (none, quarantine, reject).

sp

Policy for subdomains (inherits from p if not present).

pct

Percentage of messages to which the policy is applied.

adkim

Alignment mode for DKIM (r or s).

aspf

Alignment mode for SPF (r or s).

rua

Aggregate report URI(s).

ruf

Forensic report URI(s).

fo

Failure reporting options.

ri

Report interval in seconds (default 86400).

DMARC Setup Guide

Step-by-step instructions to implement DMARC for your domain safely and effectively.
Prerequisites

Set up SPF and DKIM first

DMARC requires SPF and/or DKIM to be configured before implementation. Allow 48 hours after SPF/DKIM setup before adding DMARC.

  • Configure SPF record for your domain
  • Set up DKIM signing for outgoing mail
  • Wait 48 hours for DNS propagation
  • Test SPF and DKIM authentication
Step 1

Set up reporting mailbox

Create a dedicated mailbox or group to receive DMARC reports, as you may receive hundreds of reports daily.

  • Create dmarc-reports@yourdomain.com mailbox
  • Set up email filtering for report management
  • Consider using DMARC report analysis tools
  • Ensure sufficient storage for report volume
Step 2

Authenticate third-party services

Ensure all third-party email services (marketing, transactional) are properly authenticated.

  • Contact providers to verify SPF/DKIM setup
  • Add provider IPs to your SPF record
  • Ensure envelope sender domains match
  • Test authentication for all services
Step 3

Create DMARC record

Start with p=none policy for monitoring, then gradually increase enforcement.

  • Begin with: v=DMARC1; p=none; rua=mailto:reports@domain.com
  • Add pct=10 for gradual rollout
  • Include both rua and ruf if supported
  • Set appropriate alignment modes (adkim, aspf)
Step 4

Add DNS record

Publish the DMARC record as a TXT record at _dmarc.yourdomain.com

  • Log into your DNS provider
  • Create TXT record at _dmarc.yourdomain.com
  • Enter your DMARC policy string
  • Verify record propagation

DMARC Record Tags Reference

Complete reference of all DMARC record tags and their values.
v

v Tag

Required

DMARC version, must be DMARC1

Example:

v=DMARC1

Always the first tag in the record

p

p Tag

Required

Policy for the domain

Example:

p=none | p=quarantine | p=reject

Start with 'none' for monitoring, progress to 'quarantine' then 'reject'

sp

sp Tag

Policy for subdomains

Example:

sp=quarantine

If not specified, subdomains inherit the main domain policy

pct

pct Tag

Percentage of messages to apply policy to

Example:

pct=25

Useful for gradual rollout, defaults to 100 if not specified

rua

rua Tag

Aggregate report email addresses

Example:

rua=mailto:dmarc@example.com

Highly recommended, can specify multiple addresses

ruf

ruf Tag

Forensic report email addresses

Example:

ruf=mailto:forensic@example.com

Not supported by all receivers, including Gmail

adkim

adkim Tag

DKIM alignment mode

Example:

adkim=s (strict) | adkim=r (relaxed)

Defaults to relaxed if not specified

aspf

aspf Tag

SPF alignment mode

Example:

aspf=s (strict) | aspf=r (relaxed)

Defaults to relaxed if not specified

fo

fo Tag

Failure reporting options

Example:

fo=1

0=both fail, 1=either fails, d=DKIM fails, s=SPF fails

ri

ri Tag

Report interval in seconds

Example:

ri=86400

Defaults to 86400 (24 hours) if not specified

Understanding DMARC Alignment

Learn how DMARC alignment works and when to use strict vs relaxed modes.

Relaxed Alignment (Default)

Allows organizational domain matches - more flexible but still secure

SPF Example:

From: user@example.com, Return-Path: bounce@mail.example.com ✓

DKIM Example:

From: user@example.com, DKIM d=mail.example.com ✓

Best for:

  • Most organizations using subdomains
  • Third-party email services
  • Complex email infrastructure

Strict Alignment

Requires exact domain matches - maximum security but less flexible

SPF Example:

From: user@example.com, Return-Path: bounce@example.com ✓

DKIM Example:

From: user@example.com, DKIM d=example.com ✓

Best for:

  • High-security environments
  • Simple email infrastructure
  • Domains with unauthorized subdomains

Recommended DMARC Rollout Strategy

Safe, phased approach to implementing DMARC without disrupting email delivery.
1:

Phase 1: Monitor (p=none)

2-4 weeks

Collect data on all email sources and authentication status

DMARC Policy:

v=DMARC1; p=none; rua=mailto:reports@domain.com; pct=100

Actions to Take:

  • Analyze aggregate reports daily
  • Identify all legitimate sending sources
  • Fix SPF and DKIM issues found
  • Ensure third-party services are authenticated

Success Criteria:

95%+ of legitimate mail passes authentication

2:

Phase 2: Gradual Quarantine

2-3 weeks

Start enforcing policy on a small percentage of mail

DMARC Policy:

v=DMARC1; p=quarantine; rua=mailto:reports@domain.com; pct=25

Actions to Take:

  • Monitor spam folders for false positives
  • Gradually increase pct value (25% → 50% → 75%)
  • Address any delivery issues immediately
  • Continue analyzing reports

Success Criteria:

No legitimate mail in quarantine

3:

Phase 3: Full Quarantine

2-3 weeks

Apply quarantine policy to all unauthenticated mail

DMARC Policy:

v=DMARC1; p=quarantine; rua=mailto:reports@domain.com; pct=100

Actions to Take:

  • Monitor for any remaining issues
  • Fine-tune SPF and DKIM as needed
  • Prepare for reject policy
  • Consider strict alignment if appropriate

Success Criteria:

Stable authentication rates, no delivery issues

4:

Phase 4: Reject Policy

Ongoing

Maximum protection - reject all unauthenticated mail

DMARC Policy:

v=DMARC1; p=reject; rua=mailto:reports@domain.com; pct=100

Actions to Take:

  • Monitor reports for new threats
  • Maintain SPF and DKIM records
  • Regular policy reviews
  • Handle legitimate sender issues promptly

Success Criteria:

Consistent protection against spoofing

DMARC Best Practices

Follow these recommendations to deploy DMARC safely and effectively.

Start with p=none

Begin with monitoring to understand current sources and authentication status.

Publish RUA/RUF

Add reporting addresses (rua/ruf) to receive aggregate and forensic reports.

Tighten Alignment

Use strict alignment (s) for higher security after monitoring phase.

Gradual Enforcement

Move to quarantine then reject once authenticated sources are aligned.

Frequently Asked Questions

Common questions about DMARC records and deployment.

Try Email Validation API for free!

Get started with our email validation API and experience the power of AI-powered email validation.

No credit card required
100 credits free