Free DMARC Record Checker & Validator
Instantly check your domain's DMARC, SPF, and DKIM records. Get color-coded policy indicators and actionable recommendations to protect against email spoofing and phishing attacks.
DMARC
Domain-based Message Authentication, Reporting, and Conformance. Tells receiving servers how to handle unauthenticated emails.
SPF
Sender Policy Framework. Specifies which mail servers are authorized to send email on behalf of your domain.
DKIM
DomainKeys Identified Mail. Adds a digital signature to emails to verify they haven't been tampered with in transit.
Uses cryptographic keys to sign and verify messages
How to Use the DMARC Checker
Enter Your Domain
Type your domain name (e.g., example.com) into the input field above. No need to include http:// or www.
Analyze Results
Review your DMARC, SPF, and DKIM records with color-coded status indicators and security score grading.
Take Action
Follow the personalized recommendations to improve your email security and protect against spoofing.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that protects your domain from unauthorized use. It prevents cybercriminals from sending phishing emails that appear to come from your organization.
DMARC works by building on two existing authentication mechanisms—SPF and DKIM—and adds a crucial policy layer that tells receiving mail servers what to do when an email fails authentication.
Without DMARC, anyone can send emails pretending to be from your domain. This is called email spoofing and is the primary technique used in business email compromise (BEC) attacks, which cost organizations billions of dollars annually.
How DMARC Works
Email arrives at receiving server
Server checks SPF and DKIM authentication
DMARC verifies alignment with From header
Policy determines: deliver, quarantine, or reject
DMARC Policy Levels Explained
DMARC policies tell receiving servers what to do with emails that fail authentication. Choose the right level for your organization.
Monitor Mode
Emails are delivered normally regardless of authentication. You receive reports to monitor who is sending email using your domain.
Best for: Initial DMARC deployment to identify all legitimate email sources before enforcement.
Quarantine Mode
Failing emails are sent to spam/junk folders. Recipients can still access them, but they're flagged as potentially fraudulent.
Best for: Transition phase after monitoring, when you're confident but want a safety net.
Reject Mode
Failing emails are blocked entirely. This provides maximum protection against domain spoofing and phishing attacks.
Best for: Full protection after confirming all legitimate email sources pass authentication.
Common DMARC Tags Reference
Understanding DMARC record tags helps you configure email authentication correctly for your domain.
| Tag | Required | Description | Example |
|---|---|---|---|
| v | Yes | Version identifier. Must be "DMARC1" | v=DMARC1 |
| p | Yes | Policy for domain (none, quarantine, reject) | p=reject |
| sp | No | Policy for subdomains (inherits from p if not set) | sp=quarantine |
| pct | No | Percentage of messages to apply policy (1-100) | pct=100 |
| rua | Recommended | Email address for aggregate reports (daily XML) | rua=mailto:dmarc@domain.com |
| ruf | No | Email address for forensic (failure) reports | ruf=mailto:forensic@domain.com |
| adkim | No | DKIM alignment mode (r=relaxed, s=strict) | adkim=r |
| aspf | No | SPF alignment mode (r=relaxed, s=strict) | aspf=r |
Example DMARC Record
v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@yourdomain.com; adkim=r; aspf=rThis record rejects all emails that fail DMARC authentication and sends daily aggregate reports to your specified email address.
Benefits of DMARC Implementation
Properly configured DMARC provides multiple layers of protection for your organization.
Improved Deliverability
Emails from authenticated domains are more likely to reach inboxes. Major providers like Google and Microsoft favor DMARC-authenticated senders.
Phishing Prevention
Stop cybercriminals from sending fraudulent emails that impersonate your brand. Protect customers and partners from phishing attacks.
Brand Protection
Maintain your brand reputation by preventing unauthorized use of your domain. Build trust with recipients who know your emails are authentic.
Visibility & Reporting
Gain insights into who is sending email using your domain. DMARC reports reveal both legitimate sources and potential abuse.
Compliance Ready
Meet industry compliance requirements. Many regulatory frameworks and security standards now recommend or require email authentication.
Reduce BEC Risk
Business Email Compromise attacks cost billions annually. DMARC makes it much harder for attackers to impersonate executives and employees.
DMARC vs SPF vs DKIM: Understanding the Differences
These three protocols work together to provide comprehensive email authentication. Each serves a unique purpose.
| Feature | DMARC | SPF | DKIM |
|---|---|---|---|
| Primary Purpose | Policy & Reporting | Server Authorization | Message Integrity |
| Checks From Header | Yes | No | Yes |
| Survives Forwarding | Depends | No | Yes |
| Provides Reports | Yes | No | No |
| Enforcement Policy | Yes | Limited | No |
| DNS Record Type | TXT at _dmarc | TXT at root | TXT at selector._domainkey |
| Setup Complexity | Medium | Easy | Complex |
They Work Best Together
While each protocol provides value independently, DMARC requires either SPF or DKIM to function. For maximum protection, implement all three: SPF to authorize sending servers, DKIM to verify message integrity, and DMARC to enforce policy and provide reporting. This layered approach is the industry standard for email security.
Troubleshooting Common DMARC Issues
Encountering problems with your DMARC configuration? Here are solutions to the most common issues.
No DMARC Record Found
Problem: Your domain doesn't have a DMARC record, leaving it vulnerable to email spoofing.
Solution: Add a DMARC TXT record to your DNS at _dmarc.yourdomain.com. Start with a monitoring policy:
SPF Alignment Failures
Problem: SPF passes but DMARC still fails because the envelope sender (Return-Path) domain doesn't match the From header domain.
Solutions:
- Configure your email service to use your domain in the Return-Path
- Use relaxed alignment mode (
aspf=r) which allows subdomains - Ensure DKIM is properly configured as a backup authentication method
DKIM Signature Not Found
Problem: Our checker couldn't find DKIM records for common selectors.
Solutions:
- Check with your email provider for the correct DKIM selector name
- Verify the DKIM DNS record is properly published at
selector._domainkey.yourdomain.com - Ensure your email platform has DKIM signing enabled
- Common selectors include: google, selector1, selector2, default, k1, s1
Legitimate Emails Being Blocked
Problem: After enabling DMARC reject policy, some legitimate emails are being blocked.
Solutions:
- Temporarily lower your policy to
p=quarantineorp=none - Review DMARC aggregate reports to identify failing sources
- Add missing email services to your SPF record
- Ensure all third-party senders have DKIM configured for your domain
- Use
pct=10to test policy on a small percentage first
SPF "Too Many DNS Lookups" Error
Problem: Your SPF record exceeds the 10 DNS lookup limit, causing validation failures.
Solutions:
- Use our SPF Checker to count your DNS lookups
- Replace
include:with directip4:/ip6:where possible - Remove deprecated or unused include statements
- Consider SPF flattening services for complex configurations
- Use subdomains for different email services to distribute lookups
Why Email Authentication Matters
Annual BEC Losses
Business Email Compromise attacks cost organizations billions each year. DMARC helps prevent domain spoofing, a key technique in BEC attacks.
Phishing Prevention
Organizations with properly configured DMARC see significant reductions in successful phishing attempts using their domain.
Improved Deliverability
Authenticated emails see higher inbox placement rates. Major providers prioritize emails from domains with DMARC.
Autonimate
Email Security Experts
With over a decade of experience securing email for businesses across South Florida, Autonimate has helped hundreds of organizations implement DMARC, SPF, and DKIM correctly. Our team understands the complexities of email authentication and can help you achieve maximum protection without disrupting your email operations.
Related Email Security Tools
Use our suite of free tools to comprehensively analyze your email authentication configuration.
SPF Record Checker
Analyze your SPF record configuration, check DNS lookup counts, and validate authorized sending sources.
Check SPFDKIM Checker
Verify DKIM signatures and public key records. Check if your emails are properly signed.
Coming SoonMX Record Lookup
Discover mail server configurations and verify MX record priority settings for your domain.
Coming SoonNeed Professional Email Security Setup?
Our cybersecurity experts can implement DMARC, SPF, and DKIM correctly—protecting your domain from spoofing while ensuring your legitimate emails are delivered.
Serving businesses across South Florida — Deerfield Beach, Fort Lauderdale, Boca Raton, Miami, West Palm Beach, and beyond.