Display and verify your DMARC record to check for external domain usage, and prevent hackers from spoofing your domain.
A DMARC (Domain-based Message Authentication) Record Checker, or DMARC Lookup tool, checks the DMARC record for a domain. It shows the record in an easy-to-read format and runs tests to ensure it has been set up correctly. This tool helps prevent email fraud and protects the domain from being used in fake emails. MX Layer's DMARC Record Checker is a valuable tool for organizations seeking to ensure the integrity of their email communications.
MX Layer's DMARC Record Checker and Lookup Tool is vital for email security. It prevents spoofing and phishing attacks by verifying message authenticity. It identifies and fixes DMARC record issues, improving domain-level security. By validating DMARC records, it ensures accurate configuration, minimizing the risk of unauthorized access and data breaches.
DMARC Generator Tool: Navigate to Mx Layer's DMARC generator tool.
Search Your Domain: Enter your domain in the provided space and click on "Check DMARC Record."
Fill the Form: Specify how you want the recipient to treat mail that fails DMARC in the form that appears.
Generate DMARC: Your DMARC record will be generated and displayed on the left-hand side.
The DMARC Record Checker displays the following tags:
| TAG | TAG DESCRIPTION |
|---|---|
| v (required) | Specifies the version. Only "DMARC1" is allowed. Incorrect or missing tag results in the DMARC record being ignored. |
| p (required) | Defines the DMARC policy. Options are "none", "quarantine", or "reject". Default is "none", which takes no action but collects reports. "Quarantine" marks failed emails as suspicious. "Reject" blocks them. |
| rua | Specifies the destination for aggregate reports. Use the "mailto:" URI format. Optional, but skipping it means no reports. |
| ruf | Specifies the destination for forensic (failure) reports. Use the "mailto:" URI format. Optional, but skipping it means no reports. |
| sp | Defines the subdomain policy. Inherits the domain policy unless specified. Options are "none", "quarantine", or "reject". Not widely used. |
| adkim | Sets DKIM signature alignment. Options are "r" (relaxed) or "s" (strict). Default is "r". "r" allows partial matches. "s" requires exact matches. |
| aspf | Sets SPF alignment. Options are "r" (relaxed) or "s" (strict). Default is "r". "r" allows partial matches. "s" requires exact matches. |
| fo | Specifies forensic reporting options. Options are "0", "1", "d", and "s". Default is "0". "0" generates reports when both SPF and DKIM fail. "1" generates reports if either fails. "d" generates reports when DKIM fails. "s" generates reports when SPF fails. Requires the "ruf" tag. |
| rf | Defines the format for failure reports. Options are "afrf" and "iodef". |
| pct | Specifies the percentage of failed emails the policy applies to. Only works with "quarantine" or "reject" policies. For example, "pct=70" applies the policy to 70% of failed emails. The remaining 30% use a lower policy. |
| ri | Sets the reporting interval in seconds. Default is 86400 (once a day). ISPs usually send reports daily. |
| Label | Use | Aim | Example |
|---|---|---|---|
| v | Mandatory | Protocol version | v=DMARC1 |
| p | Mandatory | Policy associated with the domain | p=quarantine |
| pct | Optional | Percentage of filtered messages | pct=100 |
| rua | Optional | Reporting URI for aggregate reports | rua=mailto @yourdomain.com |
| sp | Optional | Policy for subdomains of the domain | sp=reject |
| aspf | Optional | Alignment mode for SPF | aspf=r |
v=DMARC1; p=reject; rua=mailto:[email protected]; pct=100; adkim=s; aspf=s