DMARC is a DNS-based rule that informs receiving servers how to handle unauthorized emails. Domain admins set up a DMARC TXT Record, which is checked against SPF and DKIM authentication. Reports help improve security enforcement.

How does DMARC work with subdomains?

By default, a DMARC record on the root domain applies to all subdomains unless an explicit DMARC policy is set for a subdomain.

DMARC Record Lookup

Q: What Is a DMARC Record Lookup Tool?

A DMARC Record Checker is a free online tool that verifies and validates your domain’s DMARC record. It provides a comprehensive analysis to help you identify any issues and ensure proper setup and compliance.

Q: Why Check your DMARC record?

A DMARC lookup tool shows if a DMARC record exists and identifies potential issues. If problems are found, EasyDMARC’s platform provides solutions to enhance domain-level security.

Q: Why are DMARC reports important?

DMARC reports provide critical insights into your email ecosystem, showing authorized and unauthorized sources, email sending volume, and reasons for authentication failures. This data helps achieve proper DMARC enforcement.

Q: What does DMARC compliant mean?

DMARC compliance means that your outgoing email server is authenticated and properly aligned with either SPF or DKIM authentication protocols.

Q: What does DMARC domain alignment mean?

Domain Alignment ensures that the email 'From' address matches the authenticated domain in SPF and DKIM checks, preventing email spoofing.

Q: Can I add a DMARC Record without DKIM?

Yes, you can add a DMARC record without DKIM, but DMARC compliance requires either SPF or DKIM authentication. It is recommended to set up both SPF and DKIM for the best security results.

Check DMARC Records to find any security issues and fix them.

Reliably Authentic Emails Every Time with DMARC Record Checker

EasyDMARC’s DMARC Record Checker is the most powerful and user-friendly DMARC diagnostic tool for DMARC validation and record testing. Our DMARC checker tool can easily look up DMARC records to test authenticity and ensure correct configuration.

After using our DMARC lookup tool to compile any DMARC record issues, you’ll need a good platform to help you solve them, and that’s where Easy DMARC has you covered. Our platform provides all the necessary tools and action plans to achieve security compliance. Try EasyDMARC’s DMARC checker today, and find out how we can help make your email authentication easy, secure, and fast.

What Is DMARC?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that protects domains from unauthorized use, such as phishing and spoofing attacks. By implementing a DMARC record, domain owners can specify how receiving email servers should handle messages that fail SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) checks.

DMARC helps ensure legitimate emails are delivered while providing detailed reports to monitor and strengthen email security. It’s an essential step for safeguarding brand reputation and enhancing email deliverability.

Why Use EasyDMARC For DMARC Lookups?

When it comes to DMARC lookups, EasyDMARC stands out as a trusted solution.

Comprehensive Reporting and Analysis

Gain detailed insights into email authentication results
Identify spoofing attempts and misconfigurations with ease
View clear visualizations and in-depth reports that help you understand your email ecosystem

User-Friendly
Interface

Intuitive dashboard designed for all skill levels
Effortlessly navigate, configure, and analyze your DMARC data
Simplified setup process with helpful guides and prompts

Enhanced Email
Security

Protect your brand from phishing, spoofing, and impersonation attacks
Ensure only authorized entities can send emails on your behalf
Receive real-time alerts to stay ahead of potential threats

Advanced DNS Record Checking

Validate your SPF, DKIM, and DMARC records with a single click
Detect misconfigurations that could weaken your email security
Get recommendations to optimize your DNS records for maximum protection

Tailored Features for Every Need

MSP and Enterprise-friendly tools to manage multiple domains
Scalable solutions for businesses of all sizes
Ongoing updates to keep you ahead of emerging threats

Trusted by Thousands of Organizations

Proven results with clients in diverse industries
A strong reputation for reliability and efficiency in email security

Do a DMARC Check Now

EasyDMARC Has Everything You Need For Secure Servers

Discover a suite of powerful tools designed to enhance your email security.

DMARC Check

Verify your domain’s DMARC records in seconds to identify vulnerabilities and secure your email ecosystem.

Learn More About DMARC Check

DKIM Toolset

Quickly check, generate, and analyze your DKIM records to ensure your emails are authenticated with digital signatures.

Learn More About DKIM Tools

SPF Flattening

Overcome SPF record limitations and prevent email authentication errors with our automated SPF flattening tool.

Find Out About SPF Flattening

Managed BIMI

Build trust with your audience and boost email engagement by displaying your brand logo in email inboxes using BIMI.

Explore BIMI Generator

Domain Scanner

Identify potential risks associated with your domain to ensure comprehensive security.

Check Out Domain Scanner

Discover these and other best-in-class features
by signing up for a 14-day free trial.

Start your Free Trial

DMARC Tag Explanations

DMARC Record Checker will display the following tags.

TAG	TAG DESCRIPTION
v (required)	The version tag. The only allowed value is "DMARC1". If it's incorrect or the tag is missing, the DMARC record will be ignored.
p (required)	The DMARC policy. Allowed values are "none", "quarantine", or "reject". The default is "none," which takes no action against non-authenticated emails. It only helps collect DMARC reports and gain insight into your current email flows and their authentication status. "quarantine" marks the failed emails as suspicious, while "reject" blocks them.
rua	Aggregate report sending destination. It's the "mailto:" URI that ESPs use to send failure reports. The tag is optional, but you won’t receive reports if you skip it.
ruf	Forensic (Failure) report sending destination. It's the "mailto:" URI that ESPs use to send failure reports. The tag is optional, but you won’t receive reports if you skip it.
sp	The subdomain policy. The subdomain inherits the domain policy tag (p=) explained above unless specifically defined here. Like the domain policy, the allowed values are "none," "quarantine," or "reject." This option isn't widely used nowadays.
adkim	The DKIM signature alignment. This tag follows the alignment between the DKIM domain and the parent Header From domain. Allowed values are "r" (relaxed) or "s" (strict). "r" is the default and allows a partial match, while the "s" tag requires the domains to be the same.
aspf	The SPF alignment. This tag follows the alignment between the SPF domain (the sender) and the Header From domain. Allowed values are "r" (relaxed) or "s" (strict). "r" is the default, and allows a partial match, while the "s" tag requires the domains to be exactly the same.
fo	Forensic reporting options. Allowed values are "0," "1," "d," and "s." "0" is the default value, which generates a forensic report when both SPF and DKIM fail to produce an aligned pass. If either of the protocol outcome is something other than pass, use "1." "d" generates a report when DKIM is invalid, while "s" does the same for SPF. Define the ruf tag to receive forensic reports.
rf	The reporting format for failure reports. Allowed values are "afrf" and "iodef".
pct	The percentage tag. This tag works on domains with "quarantine" or "reject" policy only. It marks the percentage of failed emails a given policy should be applied to. The rest falls under a lower policy. For example, if "pct=70," on a domain with "quarantine" policy, it applies only 70% of the time. The remaining 30% goes under "p=none". Similarly, if "p=reject" and "pct=70," "reject" applies to the 70% of failed emails, and the 30% go into "quarantine."
ri	Reporting interval. Marks the frequency of received XML reports in seconds. The default is 86400 (once a day). Regardless of the set interval, in most cases, ISPs send the reports at different intervals (usually once a day).

What is a DMARC Record?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication, policy, and reporting protocol. You generate the record syntax and add it to the DNS as a simple TXT Record. A DMARC record lets domain admins announce their policies for unauthorized emails and receive reports on their outgoing email infrastructure.

What Is a DMARC Record Lookup Tool?

DMARC Record Checker is a free online DMARC diagnostic and lookup tool that allows you to verify and validate your domain's DMARC record, providing comprehensive DMARC verification. Simply enter your domain name, and the tool will retrieve the DMARC record and provide you with a comprehensive configuration analysis. With a DMARC lookup tool, you can quickly identify any issues with your DMARC record and take the necessary steps to ensure proper setup and compliance.

Why Check your DMARC record?

A DMARC lookup tool shows if the DMARC record exists and reveals existing issues. This helps to ensure that your business domain infrastructure is protected. If the DMARC Record Checker finds any problems, you can always turn to EasyDMARC’s platform and fix anything that hinders your domain-level security.

Why are DMARC reports important?

DMARC reports are key for successful DMARC enforcement (reaching to p=reject). They’re a data goldmine about your outgoing email ecosystem, showing legitimate and unauthorized sources, your email sending volume, and reasons for failing. Using this information, you can put together an action plan for swift DMARC enforcement and, ultimately, compliance.

What does DMARC compliant mean?

DMARC Compliance means that your outgoing email server is authenticated and aligned with either SPF or DKIM authentication protocols.

How does DMARC work?

In short, DMARC is an announcement on a domain’s DNS that states how the receiving servers should deal with emails from unauthorized sending sources. Here’s how it happens.

First, the domain admin implements a DMARC TXT Record in their DNS, mentioning the required and recommended tags like version, policy, and reporting. This sets the rule for receiving servers.

Receiving servers apply this added rule to all the emails from the given domain by reviewing SPF and DKIM authentication and alignment.

If the reporting tags RUA and RUF are in place, the domain administrator will start receiving DMARC reports. The next step is to dig into source alignment, gradually moving to a more strict policy by first implementing quarantine, then rejecting.

What does DMARC domain alignment mean?

Domain Alignment is the core DMARC concept. It ensures that the email address in the “From” header is the actual sender of the message. This means that the domain SPF check (which is based on “Envelope From:” or “Return-Path” address) and the DKIM signing domain (d=example.net) align with the message “From:” address.

How does a DMARC work with subdomains?

By default, DMARC Record or policy implemented on the root domain level will automatically apply on all subdomain levels, unless admins implement explicit DMARC Record on the subdomain(s) level.

Can I Add a DMARC Record Without DKIM?

Technically, you can add a DMARC record without having a DKIM record. However, for DMARC to pass, you need to have either SPF or DKIM authentication and alignment in place.

At EasyDMARC, we always advise our customers to start their DMARC journey by setting up both SPF and DKIM, and only then move on to DMARC.

Following email authentication best practices will ensure that you avoid false positive cases, lose or block legitimate emails, or damage your domain ecosystem in any way.

Join the 83,500+ companies and 175,000+ domains secured with us

Simplify YourDMARC Experience

All-In-One Email Deliverability Platform

Mastering Email Protection and Implementation: