DMARC Record Lookup
Look up and parse the DMARC policy record for any domain. Verify your email authentication policy.
About DMARC Lookup
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication policy that builds on SPF and DKIM. It lets domain owners specify what receiving mail servers should do with messages that fail authentication — nothing, quarantine them, or reject them outright. It also provides a reporting mechanism so domain owners can see who is sending email claiming to be from their domain.
DMARC policy levels
- p=none — Monitor only. No action taken on failing messages. Used during initial deployment to gather reports without affecting delivery.
- p=quarantine — Messages failing DMARC checks are sent to the spam/junk folder. A significant step toward enforcement.
- p=reject — Messages failing DMARC are rejected outright. The strictest setting and the goal of full DMARC deployment.
Key DMARC tags
rua— Email address to receive aggregate reports (daily XML summaries of all email claiming your domain)ruf— Email address to receive forensic reports (individual failure reports)pct— Percentage of messages to apply the policy to (default 100). Useful for gradual rollout.sp— Separate policy for subdomains. Inherits frompif not specified.adkim/aspf— DKIM and SPF alignment modes:r(relaxed) ors(strict)
Alignment explained
DMARC alignment requires that the domain in the email's From: header matches the domain validated by SPF or DKIM. Relaxed alignment (r) allows subdomains to match; strict alignment (s) requires an exact match. DMARC passes if at least one mechanism (SPF or DKIM) aligns and passes.