DMARC Analyzer

Check and validate DMARC records for any domain. See your policy, reporting setup, and configuration issues instantly.

Email authentication
Instant results
No data stored

Protect your forms from fake emails

While DMARC protects your domain from spoofing, disposable emails still slip through your signup forms. Our API blocks 277,000+ temp email domains.

Get Free API Key →

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving mail servers what to do with emails that fail SPF or DKIM checks — and sends you reports about who is sending email on behalf of your domain.

Enforces Your Policy

DMARC's policy tag (p=) tells receivers to do nothing (none), quarantine, or reject emails that fail authentication. It's the enforcement layer on top of SPF and DKIM.

Visibility via Reports

The rua= tag delivers aggregate reports showing every server sending mail as your domain — including spoofers and forgotten services. Without it, you're flying blind.

Required for Bulk Senders

Since 2024, Gmail and Yahoo require DMARC for anyone sending 5,000+ emails per day. Missing DMARC now directly hurts deliverability for newsletters and transactional email.

Builds on SPF & DKIM

DMARC only works when SPF or DKIM is configured and aligned with your From domain. Check all three to complete your email authentication setup.

DMARC FAQ

Common questions about DMARC records and email authentication policy

What do the DMARC policies none, quarantine, and reject mean?

p=none is monitoring mode: failing emails are delivered normally, but you receive reports. p=quarantine sends failing emails to spam. p=reject blocks them outright.

Most domains start at p=none to collect reports, verify legitimate senders are aligned, then move to quarantine and finally reject for full protection against spoofing.

What does a DMARC record look like?

A DMARC record is a TXT record published at _dmarc.yourdomain.com. A typical record looks like: "v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; pct=100"

v= is the version (always DMARC1), p= is the policy, rua= is where aggregate reports are sent, and pct= is the percentage of failing mail the policy applies to.

Why does my DMARC policy say none — is that bad?

p=none is the right starting point, but it provides no protection: spoofed emails from your domain are still delivered. It's meant as a temporary monitoring phase.

Review your aggregate reports for a few weeks, fix any legitimate senders that fail alignment (marketing tools, CRMs, help desks), then upgrade to p=quarantine and eventually p=reject.

What is DMARC alignment (adkim / aspf)?

DMARC requires that the domain in the visible From header matches (aligns with) the domain that passed SPF or DKIM. The adkim= and aspf= tags control how strict this matching is.

Relaxed alignment (r, the default) allows subdomains to match — mail.yourdomain.com aligns with yourdomain.com. Strict alignment (s) requires an exact domain match. Relaxed is fine for most setups.

Does DMARC stop spam and fake signups?

DMARC protects your domain from being spoofed — it does nothing about spam or fake accounts arriving at your platform. Disposable email services have perfectly valid SPF, DKIM, and DMARC on their own domains.

To stop throwaway addresses at signup, use our disposable email detector or integrate the detection API, which checks addresses against 277,000+ known disposable domains in real time.