Tool

DMARC Checker

Look up a domain's DMARC policy — see enforcement level, reporting configuration, alignment settings, and a health score.

What is DMARC?

Domain-based Message Authentication, Reporting and Conformance (DMARC) builds on SPF and DKIM to tell receiving servers what to do with emails that fail authentication — reject, quarantine, or monitor. It also enables reporting so domain owners can see who is sending email in their name.

DMARC rollout steps

  1. 1
    Start with p=noneMonitor-only mode. Collect aggregate reports (rua=) for 2–4 weeks to understand your email flow.
  2. 2
    Move to p=quarantineFailing emails go to spam. Set pct=10 and increase gradually as you review reports.
  3. 3
    Enforce p=rejectFull rejection of unauthenticated email. Use pct=100 once confident all legitimate mail passes.

Frequently asked questions

Does DMARC replace SPF and DKIM?

No. DMARC requires either SPF or DKIM (ideally both) to be in place. It defines the policy, not the authentication itself.

What are aggregate reports (rua)?

Daily XML summaries sent by receiving mail servers showing what passed/failed. Essential for monitoring before enforcing reject.

Why is my score low with p=none?

p=none provides zero enforcement protection. The tool scores it low to encourage upgrading to quarantine or reject.