Get a FREE .NL, .BE, .EU, or .COM domain with any hosting package! Claim your free domain!
TheHostMasters
Navigation
Hosting Plans
Domain Registration
Blog
Free Tools
About Us
Services
Free Domain Offer
Get a free .NL, .BE, .EU, or .COM with any hosting plan.
Claim now
Contact & Support
Get Started Today
NLEN
Free DMARC Checker

DMARC Record Checker

Check your DMARC configuration instantly. Verify DMARC records, policies, reporting addresses, alignment modes and enforcement settings to ensure proper email authentication.

DMARC RecordPolicyAlignmentReportingSubdomain PolicyPercentageFailure Options

Essential for preventing email spoofing, improving inbox placement and ensuring your domain's email authentication is correctly configured.

Validate DMARC Record

Check the raw DMARC TXT record and verify its structure.

Verify Policy

Confirm your enforcement policy is correctly configured.

Inspect Reporting

View aggregate and forensic reporting email addresses.

Check Alignment & Enforcement

Verify SPF/DKIM alignment modes and enforcement settings.

What can you check with this DMARC tool?

This DMARC checker helps you validate how your domain handles email authentication enforcement. It looks up the DMARC record at _dmarc.[domain] and displays the complete DNS configuration.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a core email authentication standard built on SPF and DKIM. A missing, broken or misconfigured DMARC setup can result in spoofing vulnerabilities, poor deliverability, and lack of visibility into email abuse. This tool helps you quickly diagnose and fix your DMARC configuration.

DMARC details you can inspect

Raw Record

Displays the full DMARC TXT record exactly as published in DNS, including the complete tag-value syntax.

Version (v)

Shows the DMARC version tag. Should always be DMARC1 for current DMARC implementations.

Policy (p)

Defines how receiving servers should handle emails that fail authentication checks.

Reporting Addresses (rua/ruf)

Specifies where aggregate and forensic DMARC reports should be delivered.

Alignment Modes (adkim/aspf)

Defines strict or relaxed alignment for DKIM and SPF validation.

Subdomain Policy (sp)

Defines how DMARC policies apply to subdomains.

Percentage (pct)

Specifies the percentage of failing emails the policy applies to.

DNS Lookup Path

Shows the exact DNS query: _dmarc.[domain] used to fetch the DMARC record.

When should you use a DMARC checker?

  • After configuring SPF and DKIM
  • When emails are marked as spam
  • After DNS or email provider changes
  • During SPF/DKIM/DMARC setup
  • When troubleshooting email delivery issues
  • To verify DMARC reporting is working
  • When tightening DMARC enforcement policies

Frequently Asked Questions

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication standard that builds on SPF and DKIM. It allows domain owners to define how receiving servers should handle emails that fail authentication checks and provides reporting to monitor spoofing and abuse attempts.

DMARC helps protect your domain against spoofing, phishing and email impersonation. It improves email deliverability, strengthens sender reputation and gives domain owners visibility into who is sending emails on behalf of their domain through detailed reports.

A DMARC policy defines how receiving mail servers should handle emails that fail SPF and DKIM authentication checks. The three available policies are none (monitor only), quarantine (send suspicious mail to spam), and reject (block failing emails entirely).

DMARC records use tag-value pairs. v=DMARC1 is the version tag. p= defines the policy action. rua= specifies aggregate report destinations. ruf= specifies forensic report destinations. adkim= and aspf= control DKIM and SPF alignment modes. pct= defines the percentage of messages the policy applies to.

If DMARC fails, the receiving mail server applies the policy defined in your DMARC record. With p=none, messages are still delivered. With p=quarantine, messages may be sent to spam. With p=reject, failing emails may be rejected entirely.

SPF verifies that the sending server is authorised to send mail for the domain. DKIM adds a cryptographic signature to verify content integrity and authenticity. DMARC builds on both SPF and DKIM by defining enforcement policies and reporting mechanisms for authentication failures.

DMARC alone is not enough to guarantee inbox delivery. Common reasons emails still land in spam despite having DMARC configured include poor sender reputation, missing SPF or DKIM alignment, low domain age, blacklisted IPs, or suspicious email content. Use this checker to verify your DMARC configuration first, then review your SPF and DKIM setup.

Enter your domain name into the checker above. The tool will perform a DNS TXT lookup at _dmarc.[domain]. If the record exists, you'll see the raw DMARC record along with parsed tags including policy, reporting addresses, and alignment settings. You can also inspect email headers for Authentication-Results: dmarc=pass.

Most domains should start with p=none to monitor authentication results without affecting delivery. After reviewing DMARC reports and fixing issues, you can move to p=quarantine and eventually p=reject for full protection against spoofed emails.

Yes. Email forwarding can cause SPF failures because forwarded messages are sent from different servers than the original sender. DMARC may fail if SPF and DKIM alignment are broken during forwarding. ARC (Authenticated Received Chain) was developed to help address these forwarding challenges.

DMARC supports relaxed (r) and strict (s) alignment modes for SPF and DKIM. Relaxed alignment is the default and works for most domains. Strict alignment provides stronger security but can cause legitimate emails to fail if subdomains or third-party senders are involved.

DMARC reports should be reviewed regularly, especially after changing email providers or authentication settings. Monitoring reports weekly or monthly helps identify unauthorised senders, authentication failures and spoofing attempts targeting your domain.

A DMARC record is a TXT record added to your domain's DNS at _dmarc.yourdomain.com. A basic DMARC record looks like: v=DMARC1; p=none. You can then add reporting addresses, alignment modes and enforcement settings as needed.

DNS changes typically propagate within a few minutes to a few hours, depending on the TTL (Time To Live) set on your DNS records and your DNS provider. In most cases, expect visibility within 24 to 48 hours maximum, though it is often much faster in practice.

When you enter a domain, the tool performs a DNS TXT lookup at _dmarc.[domain]. It then displays the raw DMARC record and parses all tag-value pairs including version (v), policy (p), aggregate reporting (rua), forensic reporting (ruf), alignment modes (adkim/aspf), subdomain policy (sp), and percentage (pct).

You should check your DMARC configuration whenever you set up a new email provider, notice deliverability issues, after DNS changes, or as part of regular security audits. Periodic checks every 3-6 months help ensure your policies and reporting configuration remain valid.

Yes, this DMARC checker is completely free. Enter any domain to validate your DMARC configuration instantly, with no account or sign-up required.
News & Articles

The Latest News and Articles

View All