DMARC Record Checker
Enter any domain to retrieve and analyze its DMARC record. See the enforcement policy, alignment settings, reporting addresses, and configuration status.
What Is a DMARC Record?
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication policy published in DNS. It tells receiving mail servers what to do when SPF and DKIM checks fail, and instructs them to send reports back to you about authentication activity on your domain. DMARC is the capstone of email authentication — it unifies SPF and DKIM into a coherent policy.
A DMARC record is published as a TXT record at the subdomain _dmarc.yourdomain.com. The most important tag is p= which sets the policy: none means take no action (monitoring mode), quarantine means send failing messages to spam, and reject means block them entirely. Most domains start with none and graduate to reject over time as they confirm all legitimate senders are properly authenticated.
DMARC's reporting feature is uniquely valuable. When you include a rua (reporting URI for aggregate reports) address, major ISPs including Gmail, Outlook, and Yahoo will send you daily XML reports showing every IP that sent mail claiming to be from your domain. These reports let you identify unauthorized senders, discover misconfigured services, and monitor authentication health over time.
DMARC Record Tags Explained
p= (Policy)
The core enforcement policy: none, quarantine, or reject.
sp= (Subdomain Policy)
Policy for subdomains. Inherits p= if not set.
pct= (Percentage)
Percentage of messages the policy applies to. Default is 100.
rua= (Aggregate Reports)
Email address or URI to receive daily aggregate reports.
ruf= (Forensic Reports)
Email address to receive failure reports with message samples.
adkim= (DKIM Alignment)
r=relaxed (default), s=strict. Strict requires exact domain match.
aspf= (SPF Alignment)
r=relaxed (default), s=strict. Strict requires exact envelope-from match.
fo= (Failure Options)
When to send forensic reports: 0=both fail (default), 1=any fail, d=DKIM fail, s=SPF fail.
Frequently Asked Questions
1. What does it mean if a domain has no DMARC record?
Without a DMARC record, there is no DMARC policy — receiving servers apply no enforcement based on DMARC. This means spoofed emails claiming to be from your domain face no additional barrier beyond SPF and DKIM alone. Google and Yahoo now require a DMARC record (even p=none) for bulk senders. Every domain that sends email should publish at least a monitoring DMARC record.
2. What is the difference between p=none, p=quarantine, and p=reject?
p=none means DMARC is in monitoring mode — collect reports but take no action on failing messages. p=quarantine instructs receiving servers to deliver failing messages to the spam folder. p=reject means failing messages should be blocked entirely before reaching the inbox. Start with none, review reports for 2 to 4 weeks, then progress to quarantine and reject.
3. What is DMARC alignment?
Alignment means the domain that passes SPF or DKIM must match the domain in the visible From header. Relaxed alignment allows subdomain matches — mail.example.com aligns with example.com. Strict alignment requires an exact match. Use relaxed for most setups to avoid breaking forwarding and ESP-sent mail.
4. How do DMARC aggregate reports work?
When you include a rua email address in your DMARC record, major ISPs send you daily XML reports. Each report contains: which IPs sent mail from your domain, how many messages each sent, and whether SPF and DKIM passed or failed. Use these reports to find legitimate senders that need authentication configured and to detect spoofing attempts.
5. Does DMARC protect subdomains?
Your main domain's DMARC policy applies to subdomains unless you set an sp= tag. If you want subdomain protection, add sp=reject or sp=quarantine to your DMARC record. Without sp=, subdomains inherit your p= policy under relaxed alignment.
6. Can I set pct to less than 100?
Yes. Setting pct=25 means the DMARC policy applies to only 25% of failing messages. This is useful for gradual rollout — start at 10% or 25% when first enabling quarantine or reject to limit the impact if legitimate mail is misconfigured. Increase to 100 once you confirm no legitimate mail is failing.
Explorar Mais Recursos
Descubra todos os recursos poderosos que o BillionVerify oferece
Close the loop with clean email lists
DMARC protects your domain from spoofing. A verified email list protects your deliverability. Use BillionVerify to remove invalid and risky addresses.
100 free verifications daily · 99.9% SMTP accuracy · Instant API access · No credit card required