GDPR Compliance

We use cookies to ensure you get the best experience on our website. By continuing to use our site, you accept our use of cookies, privacy policy and terms of service.

Select theme:
star-1
star-2

DMARC Checker.

Validate your domain's DMARC policy and inspect each tag to ensure proper email authentication.

What is a DMARC Record? 

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a DNS record that tells receiving mail servers what to do if an email fails authentication. While SPF and DKIM verify the sender, DMARC enforces the policy.

How to Read a DMARC Record

 A typical DMARC record looks like this: v=DMARC1; p=reject; rua=mailto:admin@example.com

  • v=DMARC1: The version (always DMARC1).
  • p= (Policy): This is the most important part.
    • p=none: Just monitor and report; don't stop any emails (used for testing).
    • p=quarantine: Send suspicious emails to the recipient's Spam folder.
    • p=reject: Block failed emails entirely.
  • rua= (Aggregate Reporting): Think of this as a Daily Executive Summary. It tells you how many emails passed or failed and from which IP addresses. It does not contain personal data.
  • ruf= (Forensic/Failure Reporting): Think of this as a Crime Scene Report. When an email fails DMARC, the receiving server sends a redacted copy of that specific email to the ruf address. This helps you see exactly what the "spoofed" email looked like.

Frequently asked questions:

  • Do I need DMARC if I already have SPF and DKIM?

    Yes. SPF and DKIM are like ID cards, but DMARC is the bouncer. Without DMARC, a hacker can still spoof your domain, and the receiving server won't know whether to let the "fake" ID pass or block it.

  • What is DMARC Alignment?

    Alignment happens when the domain in the "From" header matches the domain validated by SPF and/or DKIM. If they don't match, DMARC will fail.

  • Why is my DMARC record not found?

    Ensure you added the record to the hostname _dmarc.yourdomain.com. If you added it to the root domain (yourdomain.com), it won't be recognized by mail servers.

  • Is p=none safe for a long time?

    p=none is great for the first few weeks to see who is sending mail on your behalf. However, it provides zero protectionagainst spoofing. Your goal should always be to move to p=quarantine or p=reject.

  • I have a ruf tag in my DMARC record, but I’m not getting any reports.

    This is very common. Because forensic reports (ruf) contain the actual headers and sometimes parts of the email body, many major mailbox providers (like Gmail and Outlook) have stopped sending them due to Privacy and GDPR concerns. They don't want to accidentally send PII (Personally Identifiable Information) to a third party. Today, ruf is mostly used by private enterprise mail servers rather than consumer ISPs.

star-1
star-2
arrow-1

Don’t leave your online presence to chance!

Try UptimeObserver today. Setup in 2 minutes.

Start Monitoring Free Pricing