DMARC Record Checker
Enter a domain to look up its DMARC policy. We'll validate the record, parse every tag, and flag the issues that let attackers spoof your brand.
What this DMARC record checker does
This DMARC record checker looks up the _dmarc TXT record on a domain, validates it, and parses every tag: the policy (p=), the reporting addresses (rua and ruf), the alignment modes, and the rest. It tells you what a receiver does with mail that fails authentication for your domain.
Why it matters
SPF and DKIM prove a message is authentic; DMARC is the policy that decides what happens when that proof is missing. With no DMARC record, or a record stuck at p=none, anyone can send mail that appears to come from your domain and receivers take no action. Knowing your current policy is the first step to closing that gap.
How to read the result
The verdict reflects your policy. p=reject is the strongest: spoofed mail is refused. p=quarantine sends it to spam. p=none is monitoring only, so you collect reports but block nothing. The tags table breaks down each part of the record, and the findings explain what to tighten next.
Related
- How DMARC works, the protocol primer behind this check.
- SPF vs DKIM vs DMARC, how the three records differ and why you need all three.
- Rolling out DMARC to p=reject for the step-by-step path from monitoring to enforcement.
- SPF Record Checker and DMARC Record Generator to fix what the verdict flags.
- Scan your domain to get your exact DMARC record plus guided setup, checked alongside SPF, DKIM, and lookalike domains in one pass.
Frequently asked questions
What is a DMARC record?▾
A DMARC record is a DNS TXT record at _dmarc.yourdomain.com that tells receiving mail servers what to do when a message claiming to be from your domain fails SPF and DKIM. It carries your policy (the p= tag), where to send reports (rua), and your alignment settings.
How do I check my DMARC record?▾
Enter your domain above and this checker looks up the _dmarc TXT record, validates it, and parses every tag in plain English. Or query it directly with dig: dig TXT _dmarc.yourdomain.com +short.
What does p=reject mean?▾
p=reject is the strongest DMARC policy: receivers refuse mail that fails authentication for your domain outright, so spoofed messages never reach the inbox. p=quarantine sends failing mail to spam instead, and p=none takes no action (monitoring only).
Is this a free alternative to the MxToolbox DMARC check?▾
Yes. This DMARC checker is free with no signup and parses every tag with fixes. Unlike a static lookup, PhishFence can also scan your whole domain, generate the exact record you should publish, and guide you through enforcement.
Want ongoing monitoring?
This tool is a one-shot check. PhishFence watches your domain with automated hourly monitoring (daily on Free) for DMARC changes, new lookalike registrations, and spoofing attempts.