Validate your DMARC policy and get actionable recommendations. All checks run in your browser -- nothing is sent to our servers.
DMARC (Domain-based Message Authentication, Reporting and Conformance) is
an email authentication protocol defined in RFC 7489. It builds on SPF and DKIM by adding a policy layer: domain owners
publish a DNS TXT record at _dmarc.example.com that tells receiving
mail servers what to do when a message fails both SPF and DKIM alignment checks.
DMARC also provides a reporting mechanism so domain owners can see who is
sending email on their behalf and whether those messages pass
authentication. Aggregate reports (sent to the rua address) provide
daily summaries, while forensic reports (sent to the ruf address)
provide per-message failure details.
The three DMARC policy levels are none (monitoring only),
quarantine (deliver to spam), and reject
(refuse delivery). Organizations typically start with p=none to
gather data, then gradually tighten to quarantine and finally
reject as they confirm all legitimate senders pass authentication.
| Tag | Required | Description |
|---|---|---|
v | Yes |
Version. Must be DMARC1 and must be the first tag.
|
p | Yes |
Domain policy: none, quarantine, or
reject.
|
rua | No | Aggregate report URI(s) for daily XML reports. |
ruf | No | Forensic report URI(s) for per-message failure reports. |
sp | No | Subdomain policy. Inherits from p if absent. |
pct | No | Percentage of failing messages the policy applies to (0-100). |
adkim | No |
DKIM alignment: r (relaxed) or s (strict).
|
aspf | No |
SPF alignment: r (relaxed) or s (strict).
|
Continuous monitoring, aggregate report parsing, and actionable insights for all your email authentication protocols.
Start Free