See whether your domain is ready for DMARC enforcement by checking DMARC alongside SPF and DKIM.
The DMARC Analyzer performs a deep review of your published DMARC record, validating syntax, policy strength, reporting setup, and tag configuration.
It is ideal when you need a structured audit of an existing record rather than a quick pass/fail check, such as before tightening policy or during a compliance review.
Goes beyond presence checks to evaluate policy, alignment tags, and reporting completeness.
Surfaces configuration problems that could weaken protection or cause deliverability issues.
Lists every tag with its value and meaning so you can verify advanced settings like sp, adkim, and fo.
Confirm your record is ready before moving from p=none to quarantine or reject.
Enter the sending domain you want analyzed, the root domain, not a mail-server hostname.
The analyzer retrieves the current DMARC TXT record from public DNS at _dmarc.yourdomain.com.
Syntax, policy values, alignment modes, reporting URIs, and deprecated tags are evaluated.
Read the status banner, record checks, tag table, and any issues to decide your next steps.
The status banner summarizes overall health. Record checks break down individual requirements with pass/fail indicators.
Record is present, syntactically valid, and has no actionable issues. Ready for ongoing monitoring or policy tightening.
The record parses correctly but has warnings, weak policy, missing rua, or configuration gaps to address.
No record found, or the published value has errors that prevent receivers from applying your policy.
Individual checks marked with a red X indicate specific gaps, for example missing RUA or p=none enforcement.
High-level summary, correctly set up, needs review, or not found.
The exact TXT string found in DNS. Copy it to compare against your intended configuration.
Yes/No, whether the record passes syntax and required-tag validation.
The p= value: none, quarantine, or reject.
Complete list of tags with values and RFC descriptions.
Run the analyzer before switching from p=none to quarantine or reject to confirm reporting and alignment are correct.
If you used the DMARC Generator, verify the live DNS record matches what you intended to publish.
Treat failed record checks as action items, especially missing RUA and weak policy during active sending.
After updating DNS, wait for propagation and run the analyzer again to confirm issues are resolved.
Both look up your live DMARC record. The Analyzer focuses on a structured audit with status messaging and tag inventory; the Checker adds summary cards for policy, reporting, and issue counts.
The record exists but has invalid syntax, unsupported tag values, or missing recommended settings like aggregate reporting addresses.
Start with relaxed (r) to avoid breaking forwarded mail. Move to strict (s) only after aggregate reports confirm all legitimate sources align.
sp sets DMARC policy for subdomains. If omitted, subdomains inherit the root p= policy.
p=none means no enforcement, mail is not blocked. It is correct during monitoring but should be upgraded once you have report visibility.
Yes. SPF and DKIM authenticate individual messages. DMARC tells receivers what to do when authentication fails and provides reporting.
Enter the organizational domain. DMARC is published at _dmarc on the root domain and applies to the domain and its subdomains per policy.
SenderSignal monitors these signals continuously: 48 blacklists, SPF, DKIM, DMARC, TLS and more, with alerts in Slack, email and signed webhooks.