What is DMARC and why is it important?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that helps prevent email spoofing and phishing. It builds on SPF and DKIM to tell receiving mail servers what to do when authentication fails, protecting your domain from being used in fraudulent emails.

What does a DMARC policy of 'none', 'quarantine', or 'reject' mean?

The DMARC policy (p=) tells receivers how to handle failed messages: 'none' monitors without action (good for initial deployment), 'quarantine' sends failures to spam/junk folder, and 'reject' blocks the message entirely. Start with 'none' to collect reports, then gradually move to 'reject' for maximum protection.

What are rua and ruf in DMARC records?

rua (Reporting URI for Aggregate reports) specifies where to send daily aggregate reports about email authentication results. ruf (Reporting URI for Forensic reports) specifies where to send detailed failure reports for individual messages. Both use mailto: URIs like 'mailto:dmarc@example.com'.

How do I create a DMARC record for my domain?

Create a TXT record at _dmarc.yourdomain.com with your policy. A basic record looks like: 'v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com'. Start with p=none to monitor, ensure SPF and DKIM are properly configured, then upgrade to p=quarantine or p=reject after reviewing reports.

What is DMARC alignment and why does it matter?

DMARC alignment ensures the domain in the From header matches domains used in SPF and DKIM authentication. 'Relaxed' alignment (aspf=r, adkim=r) allows subdomains to match, while 'strict' (aspf=s, adkim=s) requires exact domain matches. Relaxed is default and usually sufficient.

How long does it take for DMARC changes to take effect?

DMARC record changes depend on DNS TTL (Time To Live). Typically, changes propagate within 24-48 hours, but can be faster if you set a lower TTL before making changes. The 'ri' tag in DMARC specifies the reporting interval (default 86400 seconds = 24 hours).

DMARC Record Checker

Email Security Authentication TXT Record

Anish Nath

DMARC Lookup

Common DMARC Tags

v Version DMARC1

p Policy none/quarantine/reject

rua Aggregate Reports mailto:...

ruf Forensic Reports mailto:...

pct Percentage 0-100

sp Subdomain Policy none/quarantine/reject

DMARC Results

DMARC results will appear here

Enter a domain and click Lookup DMARC

CLI Commands

Lookup DMARC with dig

$ dig TXT _dmarc.google.com +short

Using nslookup

$ nslookup -type=TXT _dmarc.google.com

Using host command

$ host -t TXT _dmarc.google.com

Related Email & DNS Tools

Support This Free Tool

Every coffee helps keep the servers running. Every book sale funds the next tool I'm dreaming up. You're not just supporting a site — you're helping me build what developers actually need.

500K+ users

200+ tools

100% private

☕ One-time support Buy me a coffee 📚 Learn & support 9-Book Bundle - $9 Stay updated Follow @anish2good

Privacy Guarantee: Private keys you enter or generate are never stored on our servers. All tools are served over HTTPS.

Understanding DMARC

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that builds on SPF and DKIM. It allows domain owners to specify how receiving mail servers should handle emails that fail authentication checks, helping prevent email spoofing and phishing attacks.

DMARC Policy Levels

Policy	Action	Use Case
`p=none`	Monitor only, no action	Initial deployment, collecting reports
`p=quarantine`	Send to spam/junk	Intermediate protection level
`p=reject`	Block the message	Maximum protection, full enforcement

Implementation Tip

Start with p=none to collect aggregate reports, analyze email sources, then gradually move to p=quarantine and finally p=reject for full protection.

Common Mistake

Jumping directly to p=reject without proper SPF/DKIM setup can cause legitimate emails to be blocked. Always test with p=none first.

Complete DMARC Tag Reference

Tag	Required	Description	Example
`v`	Yes	DMARC version	`v=DMARC1`
`p`	Yes	Policy for domain	`p=reject`
`sp`	No	Subdomain policy	`sp=quarantine`
`rua`	No	Aggregate report URI	`rua=mailto:[email protected]`
`ruf`	No	Forensic report URI	`ruf=mailto:[email protected]`
`pct`	No	Percentage of messages	`pct=100`
`aspf`	No	SPF alignment mode	`aspf=r` (relaxed)
`adkim`	No	DKIM alignment mode	`adkim=r` (relaxed)
`fo`	No	Failure reporting options	`fo=1`
`ri`	No	Report interval (seconds)	`ri=86400`

DMARC Record Checker

DMARC Lookup

Common DMARC Tags

DMARC Results

CLI Commands

Related Email & DNS Tools

DNS Lookup

Reverse DNS

DNS Resolver

MTR Traceroute

WHOIS Lookup

Curl Tool

Support This Free Tool

Understanding DMARC

What is DMARC?

DMARC Policy Levels

Implementation Tip

Common Mistake

Complete DMARC Tag Reference

Quick Access

PGP Tools

Sharing Services

Security Tools

Cryptography

Network Tools

Legal & Compliance

DevOps/Container

Blockchain

Encoders/Converters

Developer Tools

Machine Learning Visualizers

Media Tools

Documents & PDF

Finance

Health

Lifestyle & Productivity

Chemistry

Math & Education

Physics Tools

Internationalization