DMARC Policy CheckerValidate Email Authentication Policy

Check DMARC records to validate policy configuration (none/quarantine/reject), verify reporting setup, and assess email authentication strength.

Recent Searches

🔒History stored locally.
No history

DMARC Policy Validation

DMARC (Domain-based Message Authentication, Reporting, and Conformance) builds on SPF and DKIM by defining policies for handling authentication failures. DMARC records are published at _dmarc.example.com as TXT records.

DMARC Policy Levels

p=none: Monitor mode. Recipients log authentication failures but deliver all mail normally. Use this when first implementing DMARC to gather data without risk of blocking legitimate email.

p=quarantine: Send emails that fail authentication to spam/junk folders. Provides protection while allowing recipients to retrieve false positives from spam folders.

p=reject: Block delivery of emails that fail authentication entirely. Strongest protection but requires confidence in SPF and DKIM configuration to avoid blocking legitimate mail.

DMARC Reporting

rua (Aggregate Reports): Daily XML reports sent to specified email addresses showing authentication statistics. Example: rua=mailto:[email protected]

ruf (Forensic Reports): Individual reports for each authentication failure containing message headers and details. More verbose than aggregate reports and may contain sensitive information.

DMARC Alignment

DMARC requires alignment between the domain in the From header and authenticated domains from SPF or DKIM. Strict alignment (aspf=s, adkim=s) requires exact matches. Relaxed alignment (default) allows subdomain matches.

Example: Email from [email protected] must pass SPF/DKIM for example.com (relaxed) or support.example.com (strict) to align.