Free DMARC Record Checker

Home/Tools/DMARC Checker Tool

DMARC Checker Tool

Check your domain's DMARC record to detect protection issues and improve email deliverability

Is your domain protected? Check and safeguard it.

Run your SPF, DKIM, and DMARC record check — get alerts before deliverability drops.

Start for free
Check your DMARC record with Snov.io

What Is a DMARC Record?

A DMARC record is an email authentication protocol that should be added as a TXT entry to your domain's DNS settings. What for? Directly, DMARC protects your domain against cyberattacks, such as spoofing, phishing, or business email compromise, by handling messages that fail SPF or DKIM authentication checks.

Think of it as a security filter that sifts through emails, identifying and unmasking impostors who're disguised as your company. Based on your DMARC policy levels, it either:

  • Monitors them, taking no action — “None” level
  • Sends them directly to spam — “Quarantine” level
  • Or blocks them entirely — “Reject” level

Indirectly, DMARC helps improve your sender reputation and contributes to better inbox placement. When it's properly configured, email providers treat your messages as legitimate and safe to deliver to people's inboxes. To identify and resolve configuration issues, use a DMARC lookup tool and perform a thorough DMARC check.

Fast DMARC Record Check

Let our DMARC test diagnose and validate your email authentication protocol within a few seconds. Enter your domain and see your DMARC status in the “Domain Health” tab. It should be “Valid” with a green checkmark.

DMARC Record Error Detection

Detect any technical issues with our DMARC checker tool. Identify a misconfigured policy, broken syntax, or other common errors that may expose your domain to cyber threats. Get a detailed DMARC check analysis in the “Issues to fix” tab.

DMARC Record Recommendations

Go to the “Recommendations” tab and receive actionable tips on what to improve, like setting a stricter policy or aligning DKIM and SPF for maximum protection. Fully protect your domain from unauthorized use with our DMARC record checker.

How to Set Up a DMARC Record

Here's how to implement a DMARC record in 5 simple steps.

Run a DMARC test

Use a DMARC lookup tool to see if a DMARC record exists for your domain. If not, create one in a TXT format.

Decide on your DMARC policy

Choose an enforcement level (none, quarantine, or reject) and add a percentage tag with the email traffic it applies to.

Add the DMARC record to DNS

Go to your domain's DNS settings and insert the TXT record. Double-check the DMARC record syntax for errors.

Monitor your DMARC reports

Receive aggregate XML reports summarizing your email traffic and forensic reports showing who is sending emails on behalf of your domain.

Adjust your DMARC record

Review detailed forensic reports to see who fails your DMARC record authentication checks. Tighten your policy if needed.

Frequently Asked Questions on DMARC Check

What does DMARC mean?

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It is an email authentication protocol that you should add to your domain's DNS settings in a TXT format.

Alongside SPF and DKIM, it forms a 3-layer defense system to prevent email spoofing or phishing attacks, protect your reputation, and ensure high deliverability:

  • Layer #1 — SPF
  • Layer #2 — DKIM
  • Layer #3 — DMARC

You get a comprehensive email security stack only when each is properly configured.

What is the difference between DKIM, SPF, and DMARC?

The difference between SPF, DKIM, and DMARC lies in their key functions when ensuring email security on their dedicated levels:

  • SPF (Sender Policy Framework) is the first security checkpoint. It verifies the sender's IP based on the approved list of IP addresses.
  • DKIM (DomainKeys Identified Mail) is the second security checkpoint. It adds cryptographic digital signatures to email headers and ensures that messages have not been modified in transit.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance) is the third security checkpoint. It dictates what to do with emails if DKIM or SPF fails: monitor them (no action), quarantine them, or reject them entirely. DMARC validation is successful only if the email passes DKIM or SPF checks.

Together, they form a trio of email security guards, each watching out for hackers, phishers, and data thieves by using their own mechanisms and methods. When they're set up correctly, they help protect your sender reputation and improve email deliverability. To determine whether each works properly, run an SPF, DKIM, and DMARC check.

What is DMARC implementation?

DMARC implementation means adding a DMARC record to your domain's DNS settings.

Step 1. Check your current setup. Use a DMARC lookup or checker tool to see whether your domain already has a DMARC TXT record published in DNS. If none is found, you'll need to create one.

Step 2. Pick a protection level. Decide how suspicious messages should be handled:

  • "None" (not recommended) — Only monitored without any action taken
  • "Quarantine" (recommended) — Sent to spam
  • "Reject" (the strictest protection level) — Blocked completely

Optionally, indicate the percentage of email traffic this rule applies to.

Step 3. Publish the DMARC record in DNS. Place the TXT record into your DNS settings. Double-check the syntax to ensure email authentication works properly.

Step 4. Review your DMARC reports. Once it's all set, carefully examine your aggregate XML reports (general summaries of your email traffic) and forensic reports (deep-dive analyses of failed checks).

Step 5. Optimize your DMARC policy over time. Analyze failed authentication attempts, identify unauthorized senders, and gradually strengthen your rules.

What is the DMARC record syntax?

A DMARC record syntax is a TXT string of tags (parameters) separated by semicolons. It consists of the required version (v=) and policy (p=) tags, followed by an email traffic percentage tag (pct=) or other parameters.

For example, a full DMARC record may look like this:

v=DMARC1; p=quarantine; pct=50; rua=mailto:agg@example.com; ruf=mailto:forensic@example.com;

  • Mandatory tags are v=DMARC1 and p=quarantine (or p=none / p=reject depending on your policy)
  • Highly recommended tags are pct= (the percentage tag), rua= (for aggregate reports), and ruf= (for forensic reports)
  • Other optional tags may be sp= (subdomain policy), adkim= (DKIM alignment), and others

Note: The obligatory v= (version) and p= (policy) tags must always go first.

Why do I need a DMARC check?

You need a DMARC check for the following critical reasons:

  • Avoid domain spoofing and phishing attacks: DMARC builds on DKIM and SPF protocols to block cybercriminals and scammers who can impersonate you and send malicious emails on your behalf.
  • Follow email providers' regulations: For example, Gmail strictly requires a valid DMARC record for bulk senders (5,000+ emails/day). If you don't comply with this rule, your emails will be rejected at the server level.
  • Improve your sending domain's reputation: A properly set DMARC record proves that your email domain doesn't send dangerous or harmful messages. This, in turn, strengthens trust in your sender identity.
  • Boost your email deliverability: Thanks to a DMARC record, your emails are more likely to land in the Inbox. Without it, major email service providers may send your emails to the Spam folder.

You can verify your domain's DMARC status with a specialized tool like Snov.io's DMARC Checker.

How does a DMARC checker work?

A DMARC record checker tool scans your domain's DNS records to find and analyze your DMARC configuration. It runs a DMARC test to tell whether your TXT record is valid (or invalid), checks its syntax for errors or typos, validates your policy, and confirms whether DKIM and SPF are also aligned.

On top of that, some tools may also suggest relevant fixes and improvements to increase your email deliverability. For example, with the Snov.io DMARC Checker, you get expert recommendations on what to improve or adjust to ensure proper DMARC record setup and a higher deliverability rate.

Is a DMARC checker tool free?

Yes, most DMARC record checkers are free for basic lookups. Some platforms may offer advanced DMARC tests with more detailed reporting or extra deliverability features in their paid plans.

Here are several free DMARC check tools to choose from: Snov.io's DMARC Checker, EasyDMARC, Dmarcian, PowerDMARC, or DMARC Advisor. You may want to try the Snov.io DMARC Checker tool in the free plan and see your DMARC status in seconds.

How often should I review my DMARC record, policy, and reports?

A general rule of thumb is to review your DMARC record and policy monthly or at least quarterly. This regular practice will help you identify malicious senders spoofing your brand and safely transition to stricter enforcement if needed. Moreover, if you've adopted a new email automation platform or CRM, a DMARC check will help you prevent your marketing or transactional emails from landing in spam folders, as you will need to align SPF and DKIM protocols for those platforms specifically.

As for DMARC reports, you should review your aggregate XML reports at least weekly, but check them daily if you're implementing a new policy, adjusting your DNS settings, or investigating a failed authentication incident. Also, analyze your forensic reports whenever they arrive after an authentication failure.

How often do you get DMARC reports?

The frequency depends on the DMARC report type:

  • Aggregate reports (the rua= tag): By default, you will receive aggregate XML reports once a day, as they summarize the previous 24 hours of email traffic.
  • Forensic/failure reports (the ruf= tag): The receiving mail servers (e.g., Yahoo or Microsoft Outlook) send forensic reports in near real-time shortly after a particular email fails SPF or DKIM authentication, directly influencing the DMARC pass result.

To start receiving both, you must explicitly indicate the destinations by adding the rua= and ruf= tags in your DMARC record syntax.

What are common errors in DMARC records?

The most typical DMARC record errors include the following:

  • Syntax and formatting mistakes: A misspelled tag name, a missing semicolon or a comma instead of it, etc.
  • DNS and domain misconfiguration: Two or more DMARC records instead of a single TXT record published, fake domains for reporting, forgetting about subdomains, etc.
  • DKIM and SPF misalignment: Typos in the dedicated tags or missing third-party senders (e.g., you forgot to update your SPF or DKIM records for a marketing platform or CRM system you're using).
  • Policy enforcement mistakes: A policy value typo or a stricter policy (p=quarantine or p=reject) without a monitoring period (p=none) set first.

To spot and fix any of those mistakes before they impact your email deliverability, use a DMARC record lookup tool like Snov.io's DMARC Checker.

How can I fix a misconfigured DMARC policy?

To fix a misconfigured DMARC policy, follow these steps:

Step 1. Switch to monitoring mode (p=none) to prevent servers from blocking your legitimate emails while you're fixing everything.

Step 2. Analyze your DMARC reports and list all platforms that send email from your domain, both internal (e.g., Google Workspace or Microsoft 365) and external (e.g., HubSpot or MailChimp).

Step 3. Fix your SPF and DKIM configurations for all legitimate senders from Step 2.

Step 4. Gradually update your policy to a stricter (p=quarantine) level with a soft (25%), medium (50%), or full (100%) enforcement percentage tag. Then do the same when upgrading to the strictest (p=reject) level.