Validate your DMARC policy, reporting addresses, and enforcement posture in seconds.
The DMARC Checker looks up the published DMARC TXT record at _dmarc.yourdomain.com and validates its syntax, policy, and reporting configuration.
Use it after publishing a new record, after DNS changes, or during periodic audits to confirm your domain is protected against spoofing.
See exactly what receivers find when they query your DMARC record, no account required.
Catch typos, missing tags, and invalid values before they weaken your email authentication.
Know whether your domain is in monitor (none), quarantine, or reject enforcement mode.
Every tag in your record is parsed and explained so you can spot misconfigurations quickly.
Type the root domain only, for example example.com, without http:// or a subdomain prefix.
The tool performs a live lookup at _dmarc.yourdomain.com for the DMARC TXT record.
Syntax, required tags, policy values, and reporting URIs are checked against DMARC rules.
Copy the detected record, review issues, and fix gaps using the DMARC Generator if needed.
Results reflect what is currently published in public DNS. DNS propagation can take up to 48 hours after changes.
A valid DMARC record exists with no actionable issues. Policy and reporting look healthy.
A DMARC record exists but has warnings, for example p=none, missing rua, or minor tag issues.
No DMARC record was found, or the published value has syntax errors that receivers may ignore.
Informational messages that do not require immediate action but may help with optimization.
Valid, Invalid, or Not found, based on DNS presence and syntax checks.
none = monitor only; quarantine = send failing mail to spam; reject = block it.
Whether rua aggregate report addresses are configured to receive daily summaries.
Pass/fail rows for validity, policy strength, RUA, RUF, and error count.
Parsed tag/value pairs with descriptions for each DMARC directive.
Re-run the checker whenever you update SPF, DKIM, or DMARC to confirm the live record matches intent.
If Reporting shows "Not configured", add an aggregate address so you can see all mail sources.
Stay on p=none until aggregate reports show all legitimate senders passing SPF or DKIM.
Resolve every actionable issue while on p=none, switching to quarantine or reject too early can block real mail.
It queries DNS for a TXT record at _dmarc.yourdomain.com. That record tells mailbox providers how to handle mail that fails SPF or DKIM for your domain.
Nothing is published at _dmarc.yourdomain.com. Receivers have no DMARC policy for your domain, which leaves spoofing unprotected. Use the DMARC Generator to create one.
Valid means the record exists and passes syntax checks. Invalid means a record was found but contains errors, receivers may treat it as if no DMARC exists.
Not during rollout. p=none is correct for monitoring. It becomes a concern if you stay on none indefinitely without reviewing aggregate reports.
RUA receives daily aggregate reports about all mail using your domain. RUF receives individual failure samples, optional and often skipped due to volume.
Most updates propagate within minutes to a few hours, but allow up to 48 hours globally before concluding a record is missing.
No. Only one DMARC TXT record should exist at _dmarc.yourdomain.com. Multiple records cause receivers to ignore all of them.
SenderSignal monitors these signals continuously: 48 blacklists, SPF, DKIM, DMARC, TLS and more, with alerts in Slack, email and signed webhooks.