DMARC Checker & Generator

Protect Your Emails Today

Check and generate DMARC records to prevent phishing, spoofing, and email fraud.

Analyze Your DMARC Setup

Enter your domain for a quick DMARC, SPF, and DKIM analysis

Get actionable insights to prevent spoofing and secure your email.

Try Now

Create Your DMARC Record in Seconds

Generate a valid DMARC record effortlessly with our easy-to-use tool.

Try Now

How DMARC Protects Your Emails

Stops Email Spoofing

DMARC blocks scammers from faking your domain, preventing phishing and protecting your brand’s reputation.

 

Strengthens Email Authentication

By verifying senders with SPF and DKIM, DMARC stops unauthorized emails from reaching inboxes.

 

Enhances Email Deliverability

With DMARC, your emails avoid spam filters, improving delivery rates and ensuring customers see your messages.

Detects Unauthorized Email Activity

DMARC reports show who is sending emails from your domain, helping you catch fraud and fix security issues.

Why Use Our DMARC Checker & Generator Tools

Easy-to-Use Interface

Our tool is ready to use—no installations, integrations, or complex configurations needed.

Instant Security Insights

Get real-time DMARC, SPF, and DKIM reports to identify risks and secure your domain.

Easy DMARC Record Generation

Create a DMARC record in seconds—no technical knowledge required.

Free to Use

No hidden fees or subscriptions. Get full access to DMARC checks and reports at no cost.

Frequently asked questions

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that works by aligning the results of SPF and DKIM with the domain in the email’s “From” header.
This alignment ensures that only authorized senders can send emails on behalf of your domain. DMARC also provides reporting mechanisms, enabling domain owners to monitor email traffic and detect unauthorized use.
By implementing DMARC, you mitigate email spoofing, phishing attacks, and enhance email deliverability.

A DMARC record is a TXT record published in your domain’s DNS. Its key components include:

  1. Policy (p=): Specifies the action (None, Quarantine, or Reject) for unauthenticated emails.
  2. Aggregate Reports (rua=): Email address(es) to receive daily reports about authentication results.
  3. Forensic Reports (ruf=): Email address(es) to receive detailed reports for failed emails (optional).
  4. Alignment Mode (adkim= and aspf=): Defines whether alignment is strict or relaxed for DKIM and SPF.
  5. Subdomain Policy (sp=): Policy for subdomains (defaults to the main domain policy if not set).
  6. Reporting Interval (ri=): Time interval (in seconds) for aggregate report delivery (default is 86,400 seconds or 1 day).

Example:
v=DMARC1; p=reject; rua=mailto:[email protected]; adkim=s; aspf=r;

DMARC policies define how unauthenticated emails should be handled.

  1. None (p=none): Monitors email traffic without affecting delivery. Use this policy when starting with DMARC to gather reports and identify issues.
  2. Quarantine (p=quarantine): Marks unauthenticated emails as suspicious (e.g., moves them to spam). Use this policy after reviewing reports and addressing major issues.
  3. Reject (p=reject): Blocks unauthenticated emails entirely. Use this policy only when confident your legitimate emails are properly authenticated.
  • Aggregate Reports: These daily reports provide a summary of how your emails are being authenticated across various receiving mail servers. They include data on SPF, DKIM, and DMARC pass/fail rates, helping you understand email traffic and potential issues. Aggregate reports are sent to the email addresses specified in the rua= tag of your DMARC record.
  • Forensic Reports: These detailed reports are triggered when an email fails DMARC checks. They contain information about the failed message (such as the email headers and IP address of the sending server) and are sent to the email addresses specified in the ruf= tag of your DMARC record. These reports help with deeper analysis and troubleshooting of specific authentication failures.
  1. There are several reasons DMARC might fail for your emails:
    a. SPF and DKIM Failures: If your SPF or DKIM records are misconfigured or not aligned with the “From” address, DMARC will fail.
    b. Third-Party Senders: If you use external services (like email marketing platforms), they may not be properly authenticated with your domain’s SPF or DKIM, leading to DMARC failures.
    c. Misalignment: Ensure that the domains used in SPF/DKIM align with the domain in the “From” header. If they don’t, DMARC will fail.
Check your reports to pinpoint the exact cause of failure.
  • Implementing DMARC can take anywhere from a few minutes to several weeks, depending on your setup:
  1. Start with Monitoring (p=none): The process begins by publishing a DMARC record with a p=none policy. This allows you to monitor email activity without affecting delivery and typically takes only a few minutes.
  2. Monitor and Configure Sending Sources: Use the DMARC reports to identify misconfigured systems or unauthorized senders. Align SPF and DKIM for all legitimate email-sending sources. This phase can take a few days to a few weeks, depending on the complexity of your email infrastructure.
  3. Move to Quarantine (p=quarantine): After ensuring most sources are configured correctly, update your DMARC policy to quarantine suspicious emails. This step requires continued monitoring and adjustments as needed.
  4. Enforce Reject (p=reject): Once all legitimate sources are aligned and no issues remain, transition to a reject policy to fully block unauthorized emails. This final phase ensures maximum protection and may take additional time to validate.
  • Overall, the entire process typically takes 1 to 2.5 months, depending on the complexity of your setup and the number of email sources to configure.
  • Yes, DMARC applies to subdomains by default, meaning they inherit the policy of the parent domain unless specified otherwise.
  • Inheriting the Policy: If no separate DMARC record is set for a subdomain, it will follow the main domain’s policy. For example, if your parent domain has p=reject, the subdomain will also reject emails that fail DMARC checks.
  • Using the sp Tag: To set a different policy for subdomains, use the sp (subdomain policy) tag in your main domain’s DMARC record. Example:
    v=DMARC1; p=reject; sp=quarantine; rua=mailto:[email protected] This would apply the “Reject” policy to the parent domain but place emails from subdomains into quarantine.
  • Separate DMARC Record: If a subdomain follows completely different email flows (e.g., a third-party service), it should have its own DMARC record to ensure proper protection

Helpful Resources

Want to learn how to protect your emails? Explore our latest articles on email security:

DMARC Implementation
Common DMARC Implementation Mistakes and How to Avoid Them
3 minutes to read
Beyond DMARC: BIMI and VMC for Enhanced Brand Protection and Email Engagement
3 minutes to read
The DMARC Enforcement Lifecycle
The DMARC Enforcement Lifecycle: From ‘None’ to ‘Reject’ in 5 Steps
4 minutes to read
DMARC vs. SPF vs. DKIM
DMARC vs. SPF vs. DKIM: The Ultimate Email Showdown
4 minutes to read