Is your DMARC record set up correctly?
Enter a domain to check its DMARC record instantly. We look up _dmarc.yourdomain.com, parse every tag, and explain what's right, what's risky, and exactly how to fix what's broken. No jargon.
Frequently asked questions
- What is a DMARC record?
- A DMARC record is a TXT record published at _dmarc.yourdomain.com. It tells mailbox providers what to do with email that claims to come from your domain but fails SPF and DKIM authentication: deliver it (p=none), send it to spam (p=quarantine), or block it (p=reject). It also says where to send reports about that mail.
- Do I need DMARC?
- If you send email from your own domain, yes. Since February 2024, Gmail and Yahoo require DMARC for anyone sending 5,000+ emails a day, and they increasingly filter unauthenticated mail from smaller senders too. Without DMARC, anyone can also spoof your domain in phishing emails.
- What's the difference between p=none, p=quarantine, and p=reject?
- p=none only collects reports. Spoofed mail is still delivered. p=quarantine sends failing mail to spam. p=reject blocks it outright. Start at p=none to discover all your legitimate senders, then tighten to quarantine and finally reject.
- Why does my DMARC record need a rua tag?
- The rua tag is the address where mailbox providers send daily aggregate reports. Without it you get no visibility: you can't see who is sending as your domain, what's failing, or whether it's safe to enforce a stricter policy.