DMARC Record Checker

Look up and parse a domain's DMARC TXT record at _dmarc.<domain>.

Without DMARC monitoring, spoofing attacks go undetected until the damage is done.

Monitor DMARC policy and reporting

  • Continuous DMARC validation
  • Policy change alerts
  • Aggregate report monitoring
  • SPF / DKIM alignment checks
  • Email + Slack notifications
  • Forensic failure alerts
Start monitoring → 14-day free trial · No credit card required

Frequently Asked Questions

What is a DMARC record?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a DNS TXT record at _dmarc.yourdomain.com that tells receivers what to do with email that fails SPF and DKIM, and where to send reports. Example: v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com.

What does the policy (p=) mean?
  • p=none — monitor only; take no action (use this to start and collect reports).
  • p=quarantine — send failing mail to spam.
  • p=reject — block failing mail outright (the strongest protection).
How does DMARC relate to SPF and DKIM?

DMARC builds on both. A message passes DMARC when it passes SPF or DKIM and that authenticated domain aligns with the From address. You need SPF and/or DKIM in place first; DMARC then sets the policy and enables reporting.

What are rua and ruf?

rua is the address for aggregate reports — daily XML summaries of who is sending on your behalf and how authentication is doing. ruf is for forensic (per-message) failure reports, though most providers no longer send these for privacy reasons.

How should I roll out DMARC safely?

Start at p=none and review the aggregate reports for a few weeks to make sure all legitimate senders pass. Then move to p=quarantine (optionally with pct= to ramp gradually), and finally p=reject once you're confident nothing legitimate is failing.