DMARC tools

DMARC record checker

Validate your DMARC policy, reporting addresses, and enforcement posture in seconds.

Enter a valid domain name only, without http:// or https://.

About

The DMARC Checker looks up the published DMARC TXT record at _dmarc.yourdomain.com and validates its syntax, policy, and reporting configuration.

Use it after publishing a new record, after DNS changes, or during periodic audits to confirm your domain is protected against spoofing.

Instant DNS lookup

See exactly what receivers find when they query your DMARC record, no account required.

Syntax validation

Catch typos, missing tags, and invalid values before they weaken your email authentication.

Policy visibility

Know whether your domain is in monitor (none), quarantine, or reject enforcement mode.

Tag breakdown

Every tag in your record is parsed and explained so you can spot misconfigurations quickly.

How to use this tool

Enter your domain

Type the root domain only, for example example.com, without http:// or a subdomain prefix.

Query _dmarc DNS

The tool performs a live lookup at _dmarc.yourdomain.com for the DMARC TXT record.

Validate the record

Syntax, required tags, policy values, and reporting URIs are checked against DMARC rules.

Review and act

Copy the detected record, review issues, and fix gaps using the DMARC Generator if needed.

Understanding the results

Results reflect what is currently published in public DNS. DNS propagation can take up to 48 hours after changes.

Correctly configured

A valid DMARC record exists with no actionable issues. Policy and reporting look healthy.

Record found, review needed

A DMARC record exists but has warnings, for example p=none, missing rua, or minor tag issues.

Not found or invalid

No DMARC record was found, or the published value has syntax errors that receivers may ignore.

Info-level notes

Informational messages that do not require immediate action but may help with optimization.

Important result fields

Status

Valid, Invalid, or Not found, based on DNS presence and syntax checks.

Policy (p)

none = monitor only; quarantine = send failing mail to spam; reject = block it.

Reporting

Whether rua aggregate report addresses are configured to receive daily summaries.

Record checks

Pass/fail rows for validity, policy strength, RUA, RUF, and error count.

Tags found

Parsed tag/value pairs with descriptions for each DMARC directive.

Best practices & recommendations

Check after every DNS change

Re-run the checker whenever you update SPF, DKIM, or DMARC to confirm the live record matches intent.

Do not skip rua

If Reporting shows "Not configured", add an aggregate address so you can see all mail sources.

Move policy gradually

Stay on p=none until aggregate reports show all legitimate senders passing SPF or DKIM.

Fix issues before enforcing

Resolve every actionable issue while on p=none, switching to quarantine or reject too early can block real mail.

Frequently asked questions

It queries DNS for a TXT record at _dmarc.yourdomain.com. That record tells mailbox providers how to handle mail that fails SPF or DKIM for your domain.

Nothing is published at _dmarc.yourdomain.com. Receivers have no DMARC policy for your domain, which leaves spoofing unprotected. Use the DMARC Generator to create one.

Valid means the record exists and passes syntax checks. Invalid means a record was found but contains errors, receivers may treat it as if no DMARC exists.

Not during rollout. p=none is correct for monitoring. It becomes a concern if you stay on none indefinitely without reviewing aggregate reports.

RUA receives daily aggregate reports about all mail using your domain. RUF receives individual failure samples, optional and often skipped due to volume.

Most updates propagate within minutes to a few hours, but allow up to 48 hours globally before concluding a record is missing.

No. Only one DMARC TXT record should exist at _dmarc.yourdomain.com. Multiple records cause receivers to ignore all of them.

Run this check once, or have it watched 24/7.

SenderSignal monitors these signals continuously: 48 blacklists, SPF, DKIM, DMARC, TLS and more, with alerts in Slack, email and signed webhooks.

Start monitoring free All free tools