DMARC Record Checker
Look up and parse a domain's DMARC TXT record at _dmarc.<domain>.
Without DMARC monitoring, spoofing attacks go undetected until the damage is done.
Monitor DMARC policy and reporting
- ✓Continuous DMARC validation
- ✓Policy change alerts
- ✓Aggregate report monitoring
- ✓SPF / DKIM alignment checks
- ✓Email + Slack notifications
- ✓Forensic failure alerts
Frequently Asked Questions
What is a DMARC record?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a DNS TXT record at _dmarc.yourdomain.com that tells receivers what to do with email that fails SPF and DKIM, and where to send reports. Example: v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com.
What does the policy (p=) mean?
p=none— monitor only; take no action (use this to start and collect reports).p=quarantine— send failing mail to spam.p=reject— block failing mail outright (the strongest protection).
How does DMARC relate to SPF and DKIM?
DMARC builds on both. A message passes DMARC when it passes SPF or DKIM and that authenticated domain aligns with the From address. You need SPF and/or DKIM in place first; DMARC then sets the policy and enables reporting.
What are rua and ruf?
rua is the address for aggregate reports — daily XML summaries of who is sending on your behalf and how authentication is doing. ruf is for forensic (per-message) failure reports, though most providers no longer send these for privacy reasons.
How should I roll out DMARC safely?
Start at p=none and review the aggregate reports for a few weeks to make sure all legitimate senders pass. Then move to p=quarantine (optionally with pct= to ramp gradually), and finally p=reject once you're confident nothing legitimate is failing.