DNS Lookup Advanced DNS Lookup
Utilities
DNS Tools DNS Lookup Advanced DNS Lookup Record Finder WHOIS Lookup DKIM Lookup DMARC Lookup Blacklist Check All DNS Tools
Analysis SPF Analyzer Analyze Email Headers Domain Profile Report Verify Email SMTP Send Client
Bulk & Enterprise Bulk Lookup DNS Explorer DNS Assistant
Lookup Tools
DNS Lookup Advanced DNS Lookup Record Finder WHOIS Lookup DKIM Lookup DMARC Lookup Blacklist Check All DNS Tools
Analysis
SPF Analyzer Analyze Email Headers Domain Profile Report Verify Email SMTP Send Client
Bulk & Enterprise
Bulk Lookup DNS Explorer DNS Assistant CSV Comparison Utility
Resources
Instructions Domain Name System Email Security SPF, DKIM, DMARC About
Close

DNSai DMARC Lookup

Try: anthropic.com, openai.com, nvidia.com

Check DMARC Policy & Email Authentication

Look up DMARC records for any domain to verify email authentication policy configuration. DMARC works with SPF and DKIM to form the email authentication triad that protects your domain from spoofing and phishing attacks.

A properly configured DMARC policy tells receiving mail servers whether to deliver, quarantine, or reject emails that fail authentication. The policy also specifies where to send aggregate and forensic reports, giving you visibility into who is sending email on behalf of your domain.

Policy Analysis — Instantly see if your domain uses none (monitoring), quarantine, or reject policy, plus the percentage of emails affected.
Report Address Extraction — View configured aggregate (rua) and forensic (ruf) report destinations to verify you're receiving DMARC reports.
Security Score & Recommendations — Get a grade (A-F) based on your DMARC configuration with specific recommendations to improve protection.

How DMARC Email Authentication Works

When you receive an email, your mail server first checks SPF (does the sending IP match the domain's authorized senders?) and DKIM (is the cryptographic signature valid?). DMARC adds a policy layer: it checks if either SPF or DKIM passes AND aligns with the From header domain, then applies the domain owner's specified policy to messages that fail.

The DMARC record is published as a TXT record at _dmarc.yourdomain.com. A typical record looks like: v=DMARC1; p=reject; rua=mailto:[email protected]

Policy Progression: Most organizations start with p=none to monitor without affecting delivery, analyze reports for 2-4 weeks, fix any SPF/DKIM issues, then progressively move to quarantine and finally reject for maximum protection.

DMARC Lookup FAQ

What is DMARC and why is it important?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds on SPF and DKIM to protect domains from email spoofing and phishing. It allows domain owners to specify how receiving mail servers should handle messages that fail authentication checks. DMARC is essential because it prevents attackers from sending fraudulent emails that appear to come from your domain, protecting both your brand reputation and your recipients from phishing attacks.

What do the DMARC policies none, quarantine, and reject mean?

The three DMARC policies control what happens to emails that fail authentication: 'none' (monitoring mode) - emails are delivered normally but you receive reports about authentication failures, useful for initial deployment; 'quarantine' - failing emails are sent to spam/junk folder, providing moderate protection; 'reject' - failing emails are blocked entirely and never delivered, providing maximum protection against spoofing. Most organizations start with 'none' to monitor their email ecosystem, then progressively move to 'quarantine' and finally 'reject'.

What are DMARC aggregate (rua) and forensic (ruf) reports?

DMARC supports two types of reports: Aggregate reports (rua) are daily XML summaries showing authentication results for all emails claiming to be from your domain, including source IPs, pass/fail counts, and policy actions. These help you monitor your email ecosystem and identify unauthorized senders. Forensic reports (ruf) are detailed reports sent immediately when individual messages fail DMARC. Due to privacy concerns, many receivers limit or disable forensic reports. Set up aggregate reports at minimum using the rua= tag.

What is DKIM and SPF alignment in DMARC?

Alignment determines how strictly DMARC matches the domain in email headers. DKIM alignment (adkim) compares the 'd=' domain in the DKIM signature with the From header domain. SPF alignment (aspf) compares the envelope sender (Return-Path) domain with the From header domain. Both can be set to 'relaxed' (r) allowing subdomains to match, or 'strict' (s) requiring exact domain matches. Strict alignment provides stronger protection but requires careful configuration.

How do I implement DMARC for my domain?

To implement DMARC: 1) First ensure SPF and DKIM are properly configured for all legitimate mail sources; 2) Create a DNS TXT record at _dmarc.yourdomain.com; 3) Start with p=none to monitor: 'v=DMARC1; p=none; rua=mailto:[email protected]'; 4) Analyze aggregate reports for 2-4 weeks; 5) Fix any SPF/DKIM issues found; 6) Gradually increase policy to quarantine, then reject; 7) Set pct= to apply policy to a percentage of mail during transition.

Looking up DMARC record...

This usually takes just a moment