DMARC Record Checker and Lookup Tool

Display and verify your DMARC record to check for external domain usage, and prevent hackers from spoofing your domain.

Start Free Trial Start Free Trial

Why Do You Need a DMARC Record Checker and Lookup Tool?

A DMARC (Domain-based Message Authentication) Record Checker, or DMARC Lookup tool, checks the DMARC record for a domain. It shows the record in an easy-to-read format and runs tests to ensure it has been set up correctly. This tool helps prevent email fraud and protects the domain from being used in fake emails. MX Layer's DMARC Record Checker is a valuable tool for organizations seeking to ensure the integrity of their email communications.

MX Layer's DMARC Record Checker and Lookup Tool is vital for email security. It prevents spoofing and phishing attacks by verifying message authenticity. It identifies and fixes DMARC record issues, improving domain-level security. By validating DMARC records, it ensures accurate configuration, minimizing the risk of unauthorized access and data breaches.

DMARC Record Checker and Lookup Tool

Expert Tips to Manage MX Layer’s DMARC Record Checker Tool


DMARC Generator Tool: Navigate to Mx Layer's DMARC generator tool.


Search Your Domain: Enter your domain in the provided space and click on "Check DMARC Record."


Fill the Form: Specify how you want the recipient to treat mail that fails DMARC in the form that appears.


Generate DMARC: Your DMARC record will be generated and displayed on the left-hand side.

DMARC Tag Explanations

The DMARC Record Checker displays the following tags:

v (required) Specifies the version. Only "DMARC1" is allowed. Incorrect or missing tag results in the DMARC record being ignored.
p (required) Defines the DMARC policy. Options are "none", "quarantine", or "reject". Default is "none", which takes no action but collects reports. "Quarantine" marks failed emails as suspicious. "Reject" blocks them.
rua Specifies the destination for aggregate reports. Use the "mailto:" URI format. Optional, but skipping it means no reports.
ruf Specifies the destination for forensic (failure) reports. Use the "mailto:" URI format. Optional, but skipping it means no reports.
sp Defines the subdomain policy. Inherits the domain policy unless specified. Options are "none", "quarantine", or "reject". Not widely used.
adkim Sets DKIM signature alignment. Options are "r" (relaxed) or "s" (strict). Default is "r". "r" allows partial matches. "s" requires exact matches.
aspf Sets SPF alignment. Options are "r" (relaxed) or "s" (strict). Default is "r". "r" allows partial matches. "s" requires exact matches.
fo Specifies forensic reporting options. Options are "0", "1", "d", and "s". Default is "0". "0" generates reports when both SPF and DKIM fail. "1" generates reports if either fails. "d" generates reports when DKIM fails. "s" generates reports when SPF fails. Requires the "ruf" tag.
rf Defines the format for failure reports. Options are "afrf" and "iodef".
pct Specifies the percentage of failed emails the policy applies to. Only works with "quarantine" or "reject" policies. For example, "pct=70" applies the policy to 70% of failed emails. The remaining 30% use a lower policy.
ri Sets the reporting interval in seconds. Default is 86400 (once a day). ISPs usually send reports daily.

Connect to our experts

  1. Block all email-based threats
  2. Get real-time intelligence on attacks
  3. Zero Investment to Start
For more information, please see our Privacy Policy.

Frequently Asked Questions

To create a DMARC record, go to your domain's DNS management where SPF and DKIM are configured. Generate a TXT record with DMARC tags to enhance email security and authentication.

A DMARC record informs email servers on how to handle messages that fail authentication checks, preventing unauthenticated messages from impersonating you or your company.

Update a DMARC record by modifying the TXT record in your domain's DNS management.

Common DMARC tags include:
Label Use Aim Example
v Mandatory Protocol version v=DMARC1
p Mandatory Policy associated with the domain p=quarantine
pct Optional Percentage of filtered messages pct=100
rua Optional Reporting URI for aggregate reports rua=mailto
sp Optional Policy for subdomains of the domain sp=reject
aspf Optional Alignment mode for SPF aspf=r

DMARC reports are sent to the email address specified in the rua tag of your DMARC record. Set up a dedicated mailbox or folder to manage these reports.

Email account owners or administrators should use DMARC records to monitor and protect against email impersonation, spam, and phishing.

Disable DMARC by removing the corresponding TXT record from your domain's DNS management interface.

Email security prevents identity theft and ensures messages are exchanged between genuine accounts, reducing the risk of fraudulent activities.

DMARC is crucial for preventing email spoofing, phishing, and spam by providing a reporting mechanism to detect and mitigate malicious activities.

No, DMARC is primarily a reporting system and does not by itself prevent spam or phishing attacks.

Example DMARC record:
v=DMARC1; p=reject; rua=mailto:[email protected]; pct=100; adkim=s; aspf=s