DMARC record checker - check DMARC record

Use DMARC record checker to check if DMARC has been set up correctly for a domain.

To learn how to implement SPF/DKIM/DMARC, check out this definitive, step-by-step guide:
How to Implement SPF/DKIM/DMARC to Prevent Email Spoofing/Phishing

Enter domain to check DMARC record for, e.g., dmarcly.com
  Check DMARC Record

Found DMARC record in DNS:


Tags
Tag Value Explanation
v DMARC1 DMARC protocol version.
p Apply this policy to emails that fail the DMARC check. This policy be set to 'none', 'quarantine', or 'reject'. 'none' is used to collect the DMARC report and gain insight into the current emailflows and their status.
rua A list of URIs for email service providers to send aggregate reports to. NOTE: this is not a list of email addresses. DMARC requires a list of URIs of the form 'mailto:[email protected]'.
ruf A list of URIs for ISPs to send forensic reports to. NOTE: this is not a list of email addresses. DMARC requires a list of URIs of the form 'mailto:[email protected]'.
sp This policy should be applied to email from a subdomain of this domain that fail the DMARC check. Using this tag domain owners can publish a 'wildcard' policy for all subdomains.
fo Forensic options. Allowed values: '0' to generate reports if both DKIM and SPF fail, '1' to generate reports if either DKIM or SPF fails to produce a DMARC pass result, 'd' to generate report if DKIM has failed or 's' if SPF failed.
rf The reporting format for forensic reports.
pct The percentage tag instructs ISPs to only apply the DMARC policy to a percentage of failing email's. 'pct = 50' will tell receivers to only apply the 'p = ' policy 50% of the time against email's that fail the DMARC check. NOTE: this will not work for the 'none' policy, but only for 'quarantine' or 'reject' policies.
adkim Specifies the 'Alignment Mode' for DKIM signatures, this can be either 'r' (Relaxed) or 's' (Strict). In Relaxed mode also authenticated DKIM signing domains (d=) that share a Organizational Domain with an emails From domain will pass the DMARC check. In Strict mode an exact match is required.
aspf Specifies the 'Alignment Mode' for SPF, this can be either 'r' (Relaxed) or 's' (Strict). In Relaxed mode also authenticated SPF domains that share a Organizational Domain with an emails From domain will pass the DMARC check. In Strict mode an exact match is required.
ri The reporting interval for how often you'd like to receive aggregate XML reports. This is a preference and ISPs could (and most likely will) send the report on different intervals (normally this will be daily).

Help on DMARC Checker

The DMARC record checker, aka DMARC record validator or DMARC record tester, checks if a DMARC record is published on a domain, and performs various checks on the DMARC record.

To run a DMARC record check, enter the domain in question, and it will return the DMARC record on the domain if any, from a DNS lookup. It:

  • checks if the DMARC record syntax is correct;
  • makes sure external destination verification (EDV) is enabled on the reporting domains.

You can also run a quick DMARC check by sending an email with any subject/content to [email protected]. After DMARCLY receives the email, it will perform an SPF/DKIM/DMARC authentication analysis on the sender domain and send the results back to you as a report.

A DMARC record is a TXT record published to the DNS for your domain, under _dmarc.yourdomain.com.

Here is an example DMARC record:

v=DMARC1; p=none; rua=mailto:[email protected];

This record sets DMARC in monitoring mode, and requests to send aggregate reports to [email protected].

A DMARC record check, aka DMARC record validation fetches the DMARC record on a domain you entered, and performs various checks on it, to make sure your DMARC record works as expected.