DMARC Record Checker
Use this tool to check, lookup, and validate your DMARC record.
- Dmarc Tag Explanations
- Start Your Email Authentication Journey With Our DMARC Checker
- What Is DMARC Record Lookup Tool?
- What is the DMARC record?
- Why Check your DMARC record?
- Why are DMARC reports important?
- What does DMARC compliant mean?
- How does DMARC work?
- What does DMARC domain alignment mean?
- How does a DMARC work with subdomains?
- Can I Add a DMARC Record Without DKIM?
DMARC Tag Explanations
DMARC Record Checker will display the following tags.
| TAG | TAG DESCRIPTION |
|---|---|
| v (required) | The version tag. The only allowed value is "DMARC1". If it's incorrect or the tag is missing, the DMARC record will be ignored. |
| p (required) | The DMARC policy. Allowed values are "none", "quarantine", or "reject". The default is "none," which takes no action against non-authenticated emails. It only helps collect DMARC reports and gain insight into your current email flows and their authentication status. "quarantine" marks the failed emails as suspicious, while "reject" blocks them. |
| rua | Aggregate report sending destination. It's the "mailto:" URI that ESPs use to send failure reports. The tag is optional, but you won’t receive reports if you skip it. |
| ruf | Forensic (Failure) report sending destination. It's the "mailto:" URI that ESPs use to send failure reports. The tag is optional, but you won’t receive reports if you skip it. |
| sp | The subdomain policy. The subdomain inherits the domain policy tag (p=) explained above unless specifically defined here. Like the domain policy, the allowed values are "none," "quarantine," or "reject." This option isn't widely used nowadays. |
| adkim | The DKIM signature alignment. This tag follows the alignment between the DKIM domain and the parent Header From domain. Allowed values are "r" (relaxed) or "s" (strict). "r" is the default and allows a partial match, while the "s" tag requires the domains to be the same. |
| aspf | The SPF alignment. This tag follows the alignment between the SPF domain (the sender) and the Header From domain. Allowed values are "r" (relaxed) or "s" (strict). "r" is the default, and allows a partial match, while the "s" tag requires the domains to be exactly the same. |
| fo | Forensic reporting options. Allowed values are "0," "1," "d," and "s." "0" is the default value, which generates a forensic report when both SPF and DKIM fail to produce an aligned pass. If either of the protocol outcomes is something other than pass, use "1." "d" generates a report when DKIM is invalid, while "s" does the same for SPF. Define the ruf tag to receive forensic reports. |
| rf | The reporting format for failure reports. Allowed values are "afrf" and "iodef". |
| pct | The percentage tag. This tag works on domains with a "quarantine" or "reject" policy only. It marks the percentage of failed emails a given policy should be applied to. The rest falls under a lower policy. For example, if "pct=70," on a domain with a "quarantine" policy, it applies only 70% of the time. The remaining 30% goes under "p=none". Similarly, if "p=reject" and "pct=70," "reject" applies to 70% of failed emails, and 30% go into "quarantine." |
| ri | Reporting interval. Marks the frequency of received XML reports in seconds. The default is 86400 (once a day). Regardless of the set interval, in most cases, ISPs send the reports at different intervals (usually once a day). |
Start Your Email Authentication Journey With Our DMARC Checker
EasyDMARC’s DMARC Record Checker is the most powerful and user-friendly DMARC diagnostic tool for testing and validating your DMARC records.
With our DMARC checker tool, you can easily run a DMARC lookup to test the authenticity of your DMARC records and ensure their correct configuration.
Once you have your DMARC record issues outlined in the checker results, it’s time to implement the right platform to solve them. EasyDMARC gives you all the necessary tools and a great action plan to achieve all your DMARC compliance goals.
Frequently Asked Questions
What Is DMARC Record Lookup Tool?
DMARC Record Checker is a free online DMARC diagnostic tool that allows you to verify and validate your domain's DMARC record. Simply enter your domain name, and the tool will retrieve the DMARC record and provide you with its comprehensive configuration analysis. With this tool, you can quickly identify any issues with your DMARC record and take the necessary steps to ensure its proper setup and compliance.
What is the DMARC record?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication, policy, and reporting protocol. You generate the record syntax and add it to the DNS as a simple TXT Record. A DMARC record lets domain admins announce their policies for unauthorized emails and receive reports on their outgoing email infrastructure.
Why Check your DMARC record?
A DMARC lookup shows if the DMARC record exists and reveals existing issues. This helps to ensure that your business domain infrastructure is protected. If the DMARC Record Checker finds any problems, you can always turn to EasyDMARC’s platform and fix anything that hinders your domain-level security.
Why are DMARC reports important?
DMARC reports are key for successful DMARC enforcement (reaching to p=reject). They’re a data goldmine about your outgoing email ecosystem, showing legitimate and unauthorized sources, your email sending volume, and reasons for failing. Using this information, you can put together an action plan for swift DMARC enforcement and, ultimately, compliance.
What does DMARC compliant mean?
DMARC Compliance means that your outgoing email server is authenticated and aligned with either SPF or DKIM authentication protocols.
How does DMARC work?
In short, DMARC is an announcement on a domain’s DNS that states how the receiving servers should deal with emails from unauthorized sending sources. Here’s how it happens.
- First, the domain admin implements DMARC TXT Record in their DNS, mentioning the required and recommended tags like version, policy, and reporting. This sets the rule for receiving servers.
- Receiving servers apply this added rule to all the emails from the given domain by reviewing SPF and DKIM authentication and alignment.
- If the reporting tags RUA and RUF are in place, the domain administrator will start receiving DMARC reports
- The next step is to dig into source alignment, gradually moving to a more strict policy (first to “quarantine", and then to “reject").
What does DMARC domain alignment mean?
Domain Alignment is the core DMARC concept. It ensures that the email address in the From header is the actual sender of the message. This means that the domain SPF check (which is based on Envelope From: or Return-Path address) and the DKIM signing domain (d=example.net) align with the message From: address.
How does a DMARC work with subdomains?
By default, DMARC Record or policy implemented on the root domain level will automatically apply on all subdomain(s) levels, unless admins implement explicit DMARC Record on the subdomain(s) level.
Can I Add a DMARC Record Without DKIM?
Technically, you can add a DMARC record without having a DKIM record. However, for DMARC to pass, you need to have either SPF or DKIM authentication and alignment in place.
At EasyDMARC, we always advise our customers to start their DMARC journey by setting up both SPF and DKIM, and only then move on to DMARC.
Following email authentication best practices will ensure that you avoid false positive cases, lose or block legitimate emails, or damage your domain ecosystem in any way.