DMARC Lookup

Look Up Your DMARC Record and Get a Complete Analysis

DMARC Record Checker
Use this tool to check, lookup, and validate your DMARC record.
Domain:
 

DMARC: The Essential Tool for Email Security

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a critical email authentication protocol that safeguards your domain from spoofing attacks. These attacks involve forging your email address to trick recipients into believing the message is legitimate. DMARC helps prevent this by verifying the sender's identity through existing protocols like SPF and DKIM.


By implementing DMARC, you gain greater control over your email security. You can instruct receiving mail servers on how to handle emails that fail authentication checks. This empowers you to quarantine or even reject suspicious emails, protecting your reputation and preventing sensitive information breaches.


DMARC's true power lies in its reporting capabilities. Beyond just verification, DMARC provides valuable insights into email activity associated with your domain. These reports reveal any unauthorized attempts to send emails under your name, even if they manage to bypass initial authentication checks. This advanced visibility allows you to identify potential security weaknesses and take proactive steps to address them before they evolve into costly cyberattacks.


Once you have it set up, it's time to test it with our very own eMail Tester.

DMARC Record Checker

DMARC Tag Specification Explained

TAG MEANING
v Required: Specifies the version of the DMARC protocol being used. Always set to v=DMARC1 for the current DMARC protocol version.
p Required: Specifies the policy to be enacted by the receiving mail server when DMARC authentication fails.This tag determines what action should be taken if an email fails DMARC checks.

Possible Values:

  • none: Takes no action, but generates DMARC reports.
  • quarantine: Treats the message as suspicious, possibly placing it in the recipient's spam or quarantine folder.
  • reject: Blocks the message outright, preventing delivery to the recipient.
sp Specifies the policy for handling messages from subdomains of the DMARC-aligned domain. Subdomains inherit policies from their parent domain unless explicitly overridden.
rua Specifies the URI(s) to which aggregate DMARC reports should be sent, for example: rua=mailto:your@email.com. Aggregate reports provide statistics about DMARC usage and authentication results.
ruf Specifies the URI(s) to which forensic DMARC reports should be sent (reports about individual failed messages), for example: ruf=mailto:your@email.com. Forensic reports contain detailed information about specific messages that failed DMARC checks.
adkim Specifies how DKIM (DomainKeys Identified Mail) alignment should be handled. DKIM alignment verifies that the DKIM signature on an email matches the sender's domain.

Possible Values:

  • r: Relaxed mode. Allows for intermediate levels of subdomain alignment.
  • s: Strict mode. Requires exact domain name alignment.
aspf Specifies how SPF (Sender Policy Framework) alignment should be handled. SPF alignment verifies that the SMTP MAIL FROM domain matches the domain used in the RFC5322.From header field.

Possible Values:

  • r: Relaxed mode. Allows for intermediate levels of subdomain alignment.
  • s: Strict mode. Requires exact domain name alignment.
fo Determines the level of detail in forensic reports (message-level reports) generated when DMARC authentication fails.

Possible Values:

  • 0: Generate reports if all underlying authentication mechanisms fail to produce a DMARC pass result.
  • 1: Generate reports if any underlying authentication mechanism produces something other than a DMARC pass result.
  • d: Generate reports regardless of the authentication result.
  • s: Generate an SPF failure report if the message failed SPF evaluation, regardless of alignment.
rf This tag specifies the format for forensic (message-level) DMARC reports that are sent to the specified reporting addresses (ruf).

Possible Values:

  • afrf: Specifies the use of the Abuse Reporting Format (ARF) for forensic reports, which provides a standardized format for reporting abusive activity related to email.
  • iodef: Specifies the use of the Incident Object Description Exchange Format (IODEF) for forensic reports, which is another standardized format for reporting security incidents.
pct Specifies the percentage of messages subjected to DMARC policy filtering.Allows gradual enforcement of DMARC policies to monitor impact before full enforcement. Any integer value from 0 to 100.
ri This tag specifies the interval at which aggregate DMARC (Domain-based Message Authentication, Reporting & Conformance) reports should be generated and sent by receivers to the specified reporting addresses (rua). For example: ri=86400 indicates that aggregate reports should be sent daily (every 86400 seconds).

Frequently Asked Questions

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that helps protect email domains from being used in phishing and email spoofing. It builds on SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) by adding a policy for handling failed authentication attempts and providing reporting mechanisms for senders.
DMARC works by allowing domain owners to publish a policy in their DNS records that specifies how email receivers should handle messages that fail SPF or DKIM checks. It also provides a mechanism for email receivers to send reports back to domain owners about emails that pass and fail DMARC evaluation.
The key components of a DMARC record include:
  • v: The DMARC version (always DMARC1).
  • p: The policy for handling failed emails (none, quarantine, reject).
  • rua: Addresses to which aggregate reports should be sent.
  • ruf: Addresses to which forensic reports should be sent.
  • pct: The percentage of emails to which the DMARC policy should be applied.
  • adkim: Alignment mode for DKIM (strict or relaxed).
  • aspf: Alignment mode for SPF (strict or relaxed).
Aggregate reports (rua) provide domain owners with data on email authentication results. These reports include information about the number of emails received, how they were authenticated, and any failures. This helps domain owners monitor and improve their email authentication practices.
Forensic reports (ruf) provide detailed information about individual emails that fail DMARC authentication. These reports can include the original email headers and other details, helping domain owners investigate and respond to specific authentication failures.
The `pct` tag specifies the percentage of emails to which the DMARC policy should be applied. This allows domain owners to gradually enforce DMARC policies, starting with a small percentage of emails and increasing it as they gain confidence in their email authentication setup.
The `adkim` tag specifies the DKIM alignment mode, while the `aspf` tag specifies the SPF alignment mode.
  • adkim: Defines DKIM alignment as strict (`s`) or relaxed (`r`). Strict alignment requires an exact match between the domain in the DKIM signature and the From address, while relaxed alignment allows subdomain matches.
  • aspf: Defines SPF alignment as strict (`s`) or relaxed (`r`). Strict alignment requires an exact match between the domain in the SPF record and the From address, while relaxed alignment allows subdomain matches.
The `ri` and `rf` tags configure aspects of DMARC reporting:
  • ri: Report interval, specifying how often aggregate reports are sent. For example, `ri=86400` indicates that reports are sent daily.
  • rf: Report format, specifying the format for forensic reports. Common formats include `afrf` (Abuse Reporting Format) and `iodef` (Incident Object Description Exchange Format).
Implementing DMARC provides several benefits, including:
  • Improved email security by reducing the risk of email spoofing and phishing.
  • Increased visibility into email authentication practices through detailed reporting.
  • Enhanced brand protection by preventing unauthorized use of the domain.
  • Greater control over how email receivers handle emails that fail authentication.

Are You Ready To Experience The Difference?

CC Logo

Become a part of the Campaign Cleaner community today, and join countless satisfied customers who have witnessed significant improvements in their email deliverability and campaign success. Don't let HTML issues hold you back; let Campaign Cleaner optimize your campaigns and boost your inbox rates

Let's Get Started