DMARC Record Checker
The implementation of DMARC starts with the publishing of a valid DMARC record in DNS. Our DMARC Record Checker is a diagnostic tool that allows you to inspect a domain’s DMARC policy and identify any potential issues.
Warning
Error
Access/bookmark this inspection at
Did you mean
?
Tag
Translation
DMARC record policy details and comments:
You have a valid DMARC record that provides visibility into the entirety of your email program(s) and helps ensure you meet email sending best practices as well as select Yahoo and Google’s new sending requirements. Your domain however is not fully protected against abuse. Learn more about DMARC here Getting Started with DMARC or additional information about Yahoo and Google’s new sender requirements.
Optional Tags are present
Optional tags vary from defaults and provide additional control over a number of controls. These tags are explained in detail in the Legend below.
Value
Default
We were unable to find a DMARC record. As a result, this domain is not protected against abuse and likely does not meet the new Google and Yahoo sender requirements.
Add DMARC to disallow unauthorized use of your email domain to protect people from spam, fraud and phishing.
Great Job! You have a valid DMARC record that provides visibility into the entirety of your email program(s) and helps ensure you meet email sending best practices.
Your DMARC record seems to have some syntax errors. Your next step should be to solve this issue to restore visibility into your email programs and protections.
This is most often a typo or syntax error with the DMARC record in your domain's DNS. This is almost always a TXT record at location/target _dmarc. (example: _dmarc.example.com). You can use our DMARC Record Wizard to help you rebuild it correctly.
Click here to read our "Getting Started with DMARC" guide.
Get started with your DMARC project in just a few minutes with our free 30 day trial. No credit card required to register.
The organizational domain of this sub-domain is
Receivers will apply POLICY_DOMAIN's DMARC record to DOMAIN's email (because DOMAIN does not have its own explicit policy).
A policy of "PARENT_POLICY" would be applied to unauthorized DOMAIN email.
Though you do have a valid DMARC record, it doesn't look like you have a dmarcian account we were able to find. If you'd like our help with your DMARC project, you can start a free 30-day trial. No credit card required to register.
Enter domain
Inspect the domain
TAG | DEFAULT | TRANSLATION |
---|---|---|
v | DMARC1 | The DMARC version should always be “DMARC1”. Note: A wrong, or absent DMARC version tag causes the entire record to be ignored. |
p | none | Policy applied to emails that fails the DMARC check. Authorized values: “none”, “quarantine”, or “reject”. “none” is used to collect feedback and gain visibility into email streams without impacting existing flows. “quarantine” allows Mail Receivers to treat email that fails the DMARC check as suspicious. Most of the time, they will end up in your SPAM folder. “reject” outright rejects all emails that fail the DMARC check. |
adkim | r | Specifies “Alignment Mode” for DKIM signatures. Authorized values: “r”, “s”. “r”, or “Relaxed Mode”, allows Authenticated DKIM d= domains that share a common Organizational Domain with an email’s “header-From:” domain to pass the DMARC check. “s”, or “Strict Mode” requires exact matching between the DKIM d= domain and an email’s “header-From:” domain. |
aspf | r | Specifies “Alignment Mode” for SPF. Authorized values: “r”, “s”. “r”, or “Relaxed Mode” allows SPF Authenticated domains that share a common Organizational Domain with an email’s “header-From:” domain to pass the DMARC check. “s”, or “Strict Mode” requires exact matching between the SPF domain and an email’s “header-From:” domain. |
sp | p= value | Policy to apply to email from a sub-domain of this DMARC record that fails the DMARC check. Authorized values: “none”, “quarantine”, or “reject”. This tag allows domain owners to explicitly publish a “wildcard” sub-domain policy. |
fo | 0 | Forensic reporting options. Authorized values: “0”, “1”, “d”, or “s”. “0” generates reports if all underlying authentication mechanisms fail to produce a DMARC pass result, “1” generates reports if any mechanisms fail, “d” generates reports if DKIM signature failed to verify, “s” generates reports if SPF failed. |
ruf | none | The list of URIs for receivers to send Forensic reports to. Note: This is not a list of email addresses, as DMARC requires a list of URIs of the form “mailto:address@example.org”. |
rua | none | The list of URIs for receivers to send XML feedback to. Note: This is not a list of email addresses, as DMARC requires a list of URIs of the form “mailto:address@example.org”. |
rf | afrf | The reporting format for individual Forensic reports. Authorized values: “afrf”, “iodef”. |
pct | 100 | The percentage tag tells receivers to only apply policy against email that fails the DMARC check x amount of the time. For example, “pct=25” tells receivers to apply the “p=” policy 25% of the time against email that fails the DMARC check. Note: The policy must be “quarantine” or “reject” for the percentage tag to be applied. |
ri | 86400 | The reporting interval for how often you’d like to receive aggregate XML reports. You’ll most likely receive reports once a day regardless of this setting. |