DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email security protocol that protects your domain from unauthorized use, including email spoofing and phishing attacks. Our free DMARC checker instantly analyzes your domain's DMARC record and provides clear recommendations to strengthen your email security.
Comprehensive analysis powered by Vysiro's scanning engines
Instant DMARC record lookup and parsing
Policy analysis (none, quarantine, reject)
Alignment mode validation (relaxed vs strict)
Reporting URI verification (rua, ruf)
Subdomain policy detection
Percentage tag analysis
Forensic reporting configuration check
Clear improvement recommendations
Get results in seconds with our automated scanning process
Enter your domain name in the scanner above
We query DNS for your _dmarc TXT record
Our engine parses every DMARC tag and value
We validate alignment, policy, and reporting settings
You receive a detailed analysis with severity ratings
Follow our recommendations to improve email security
Everything you need to know about dmarc record checker
A DMARC record is a DNS TXT record published at _dmarc.yourdomain.com that tells receiving mail servers how to handle emails that fail SPF or DKIM authentication. It specifies your policy (none, quarantine, or reject) and where to send aggregate and forensic reports.
DMARC prevents email spoofing and phishing attacks by allowing domain owners to specify how unauthenticated emails should be handled. Without DMARC, anyone can send emails that appear to come from your domain, potentially damaging your reputation and tricking your customers.
Start with p=none to monitor without affecting delivery, then move to p=quarantine to send suspicious emails to spam, and finally p=reject to block all unauthenticated emails. Vysiro recommends reaching p=reject within 90 days for maximum protection.
Add rua= and ruf= tags to your DMARC record with email addresses that will receive aggregate (rua) and forensic (ruf) reports. Example: v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com. Vysiro can process these reports for you automatically.
DMARC alignment checks whether the domain in the From header matches the domains authenticated by SPF and DKIM. Strict alignment requires exact domain matches, while relaxed alignment allows subdomain matches. Relaxed is the default and recommended for most organizations.
If implemented incorrectly, a reject policy can block legitimate emails. That is why you should start with p=none and monitor reports to identify all legitimate email sources before moving to quarantine or reject. Our tool helps you validate your configuration before making changes.
Check your DMARC record whenever you add new email services, change email providers, or modify SPF/DKIM settings. Vysiro recommends weekly monitoring to catch configuration drift and unauthorized changes. Our platform offers continuous monitoring with real-time alerts.
Yes, the Vysiro DMARC checker is completely free with no signup required. You get instant analysis of your DMARC record with detailed recommendations. For continuous monitoring, automated alerts, and auto-fixes, check out our paid plans.
Continue your domain security analysis
Validate SPF records, check DNS lookup limits, and resolve include chains.
Use toolCheck DKIM key existence, configuration, and selector validation.
Use toolParse and analyze email headers for routing, authentication, and delays.
Use toolGet an instant composite trust score (0-1000) across 29 security categories.
Use toolGet continuous monitoring, automated fixes, proof packs, and API access. Protect your domains with Vysiro's agentless attack-surface monitor.