DMARC Record Checker
Verify whether an email domain has DMARC (Domain-based Message Authentication) configured for anti-spoofing protection.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds on SPF and DKIM. It tells receiving mail servers what to do when an email fails authentication checks — whether to reject it, quarantine it, or let it through.
A DMARC record is published as a DNS TXT record at _dmarc.domain.com. It specifies the domain's authentication policy (none, quarantine, or reject), where to send aggregate reports, and how strictly to apply the policy. For example: "v=DMARC1; p=reject; rua=mailto:[email protected]".
DMARC is the final piece of the email authentication puzzle. While SPF verifies the sending server and DKIM verifies the message integrity, DMARC ties them together with a clear policy for handling authentication failures.
Why Check DMARC Records?
As of 2024, Google and Yahoo require DMARC for all bulk email senders. Domains without DMARC will increasingly see their emails rejected or filtered to spam. Checking DMARC is essential for both senders (to ensure compliance) and recipients (to assess sender trustworthiness).
For email list validation, a domain with DMARC configured indicates a mature, well-managed email infrastructure. Domains with DMARC "reject" policies are the most trustworthy — they've committed to strong email authentication and are unlikely to be associated with spam or fraud.
Frequently Asked Questions
What do the DMARC policies mean?
"p=none" monitors but takes no action on failures (good for testing). "p=quarantine" sends failed emails to spam. "p=reject" blocks failed emails entirely. Reject provides the strongest protection against spoofing.
Do I need both SPF and DMARC?
Yes. DMARC requires either SPF or DKIM (preferably both) to function. Without at least one underlying authentication method, DMARC has nothing to base its decisions on. Check your SPF records alongside DMARC.
How long does DMARC take to set up?
Adding a DMARC record takes minutes — it's just a DNS TXT record. However, moving from p=none to p=reject should be gradual. Start with monitoring (p=none), analyze reports for a few weeks, then progressively tighten the policy.