Diagnostic suite · live

DMARC Checker

Parse a domain's DMARC (Domain-based Message Authentication) policy at _dmarc.{domain}.

About the DMARC Checker

The DMARC Checker looks up and parses the DMARC (Domain-based Message Authentication, Reporting and Conformance) record for any domain, showing the policy (p=none, quarantine or reject), the subdomain policy (sp), the alignment modes for SPF and DKIM, the reporting addresses (rua and ruf) and the percentage of mail the policy is applied to (pct).

DMARC ties SPF and DKIM together and tells receiving mail servers what to do with messages that fail authentication. It also gives senders visibility — receivers send aggregate XML reports back to the rua= address, letting you see who is sending mail as your domain and whether they're passing SPF and DKIM. Without DMARC, you're flying blind and giving spoofers a free path to your users.

Use this checker to verify DMARC is published correctly before enabling enforcement, to audit third-party services that send mail on your behalf, and to make sure the reporting addresses are valid mailboxes that can accept the incoming flood of daily aggregate reports.

How to use this tool

  1. 1Enter the required value in the input field above (domain, IP, URL, or text depending on the tool).
  2. 2Click the action button to run the check — results are computed instantly from our edge network.
  3. 3Review the parsed output, key fields and any warnings shown in the result card.
  4. 4Copy the result, share the page URL, or jump to a related tool from the sidebar to continue debugging.

Key features

  • Full DMARC tag-by-tag breakdown
  • Alignment mode (strict vs relaxed) for SPF and DKIM
  • Rua/ruf address validation
  • Detects common misconfigurations (missing rua, pct<100, p=none forever)
Related searches: dmarc record checker · dmarc lookup · check dmarc policy · dmarc analyzer · dmarc validator · dmarc quarantine reject

Frequently asked questions

DMARC (Domain-based Message Authentication, Reporting and Conformance) is a DNS-based policy that tells receiving mail servers what to do when messages fail SPF or DKIM authentication. It stops spoofers from putting your brand in the visible From: header and gives you visibility via aggregate reports.