DMARC Inspector

The DMARC Inspector is a diagnostic tool that parses and presents a view of DMARC records for any domain.

Our tools are under maintenance. Please try again later.

Warning

Error

Access/bookmark this inspection at

Tag

Translation

Warnings / Errors

Discovered Tags

declared explicitly in DMARC record

Value

Default

No DMARC record published.

Congratulations! Your DMARC record is valid.

There is something wrong with your DMARC record.

If you're the owner of this domain, get started by publishing a DMARC record.

The organizational domain of this sub-domain is

Receivers will apply POLICY_DOMAIN's DMARC record to DOMAIN's email (because DOMAIN does not publish an explicit policy).

A policy of "PARENT_POLICY" would be applied to unauthorized DOMAIN email.

Enter domain

Inspect the domain

Legend

Tag Default Translation
v DMARC1 The DMARC version should always be “DMARC1”. Note: A wrong, or absent DMARC version tag would cause the entire record to be ignored.
p none Policy applied to emails that fails the DMARC check. Authorized values: “none”, “quarantine”, or “reject”. “none” is used to collect feedback and gain visibility into email streams without impacting existing flows. “quarantine” allows Mail Receivers to treat email that fails the DMARC check as suspicious. Most of the time, they will end up in your SPAM folder. “reject” outright rejects all emails that fail the DMARC check.
adkim r Specifies “Alignment Mode” for DKIM signatures. Authorized values: “r”, “s”. “r”, or “Relaxed Mode”, allows Authenticated DKIM d= domains that share a common Organizational Domain with an email’s “header-From:” domain to pass the DMARC check. “s”, or “Strict Mode” requires exact matching between the DKIM d= domain and an email’s “header-From:” domain.
aspf r Specifies “Alignment Mode” for SPF. Authorized values: “r”, “s”. “r”, or “Relaxed Mode” allows SPF Authenticated domains that share a common Organizational Domain with an email’s “header-From:” domain to pass the DMARC check. “s”, or “Strict Mode” requires exact matching between the SPF domain and an email’s “header-From:” domain.
sp p= value Policy to apply to email from a sub-domain of this DMARC record that fails the DMARC check. Authorized values: “none”, “quarantine”, or “reject”. This tag allows domain owners to explicitly publish a “wildcard” sub-domain policy.
fo 0 Forensic reporting options. Authorized values: “0”, “1”, “d”, or “s”. “0” generates reports if all underlying authentication mechanisms fail to produce a DMARC pass result, “1” generates reports if any mechanisms fail, “d” generates reports if DKIM signature failed to verify, “s” generates reports if SPF failed.
ruf none The list of URIs for receivers to send Forensic reports to. Note: This is not a list of email addresses, as DMARC requires a list of URIs of the form “mailto:address@example.org”.
rua none The list of URIs for receivers to send XML feedback to. Note: This is not a list of email addresses, as DMARC requires a list of URIs of the form “mailto:address@example.org”.
rf afrf The reporting format for individual Forensic reports. Authorized values: “afrf”, “iodef”.
pct 100 The percentage tag tells receivers to only apply policy against email that fails the DMARC check x amount of the time. For example, “pct=25” tells receivers to apply the “p=” policy 25% of the time against email that fails the DMARC check. Note: The policy must be “quarantine” or “reject” for the percentage tag to be applied.
ri 86400 The reporting interval for how often you’d like to receive aggregate XML reports. You’ll most likely receive reports once a day regardless of this setting.