Free tools

DMARC Record Checker

Look up any domain's DMARC policy and understand it tag by tag - policy strength, reporting, alignment, and coverage.

How this DMARC checker works

The tool queries _dmarc.<your domain> for TXT records over DNS, straight from your browser. It validates that exactly one v=DMARC1 record exists, then explains each tag: the p= policy, subdomain policy, reporting addresses, the pct= rollout percentage, and SPF/DKIM alignment modes.

DMARC is the enforcement layer

SPF and DKIM authenticate mail, but on their own they don't protect the From address a human actually sees. DMARC ties authentication to the visible From domain and gives receivers explicit instructions when it fails - which is what actually stops spoofing and phishing in your name.

Skip the manual setup

AgenticEmail generates SPF, DKIM, and DMARC records for your sending domain automatically when you onboard it - and can create them directly in your DNS provider, then verify everything. Your agents send authenticated mail from day one. See the docs.

Frequently asked questions

What is a DMARC record?
DMARC is a DNS TXT record at _dmarc.yourdomain.com that tells receiving mail servers what to do with messages that fail SPF or DKIM alignment: deliver them anyway (p=none), send them to spam (p=quarantine), or refuse them (p=reject). It also requests reports so you can see who sends as your domain.
Is DMARC required now?
For anyone sending meaningful volume to Gmail or Yahoo, effectively yes - both require bulk senders to publish at least p=none DMARC, aligned SPF or DKIM, and one-click unsubscribe. Without it, delivery to those providers degrades sharply.
What's the difference between p=none, quarantine, and reject?
p=none monitors only: you get reports, but spoofed mail is still delivered. p=quarantine sends failing mail to spam. p=reject refuses it at the door. The standard rollout is none → quarantine → reject as your reports confirm all legitimate senders pass.
What are rua reports?
Aggregate reports - daily XML summaries receivers send to the address in your rua= tag, showing which IPs sent mail claiming to be your domain and whether they passed. They are how you find forgotten senders before tightening the policy.
Does DMARC work without SPF and DKIM?
No. DMARC's verdict is based on SPF and DKIM results plus alignment with the From domain. You need at least one of them passing and aligned - in practice, set up both. Use our SPF checker and DKIM checker alongside this tool.
Talk to a real person