Free · No signup · Instant
DMARC Record Checker
DMARC (Domain-based Message Authentication, Reporting and Conformance, RFC 7489) builds on SPF and DKIM to tell receivers what to do when authentication fails. Without DMARC at p=quarantine or p=reject, attackers can spoof your domain at scale. This tool fetches your _dmarc TXT record and grades the policy.
Frequently asked questions
Where does the DMARC record live?
At the subdomain _dmarc.yourdomain.com as a TXT record starting with v=DMARC1.
What's the difference between p=none, p=quarantine, and p=reject?
p=none is monitoring only. p=quarantine sends failing mail to spam. p=reject blocks it outright. Most teams ramp from none → quarantine → reject over a few months while watching aggregate reports.
Do I need an aggregate (rua) reporting address?
Yes. Without rua=mailto:..., you have zero visibility into who is sending as your domain — both legitimate and spoofed.
Other free tools
SPF Record Checker
Check any domain's SPF record for syntax errors, lookup-count violations, and policy weakness. Free, instant, no signup.
HTTP Security Headers Checker
Scan any URL for HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy and Permissions-Policy. Get a 0-100 score.
DNS Lookup
Resolve any domain's full DNS footprint in one call: A, AAAA, MX, NS, TXT, CAA records with TTLs.