Is your DMARC record set up correctly?

Enter a domain to check its DMARC record instantly. We look up _dmarc.yourdomain.com, parse every tag, and explain what's right, what's risky, and exactly how to fix what's broken. No jargon.

Frequently asked questions

What is a DMARC record?
A DMARC record is a TXT record published at _dmarc.yourdomain.com. It tells mailbox providers what to do with email that claims to come from your domain but fails SPF and DKIM authentication: deliver it (p=none), send it to spam (p=quarantine), or block it (p=reject). It also says where to send reports about that mail.
Do I need DMARC?
If you send email from your own domain, yes. Since February 2024, Gmail and Yahoo require DMARC for anyone sending 5,000+ emails a day, and they increasingly filter unauthenticated mail from smaller senders too. Without DMARC, anyone can also spoof your domain in phishing emails.
What's the difference between p=none, p=quarantine, and p=reject?
p=none only collects reports. Spoofed mail is still delivered. p=quarantine sends failing mail to spam. p=reject blocks it outright. Start at p=none to discover all your legitimate senders, then tighten to quarantine and finally reject.
Why does my DMARC record need a rua tag?
The rua tag is the address where mailbox providers send daily aggregate reports. Without it you get no visibility: you can't see who is sending as your domain, what's failing, or whether it's safe to enforce a stricter policy.