Validate a domain DMARC policy, inspect p=none/quarantine/reject, SPF/DKIM alignment, reporting addresses and DNS TXT tags.
DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together and tells receivers what to do when a message fails alignment. This DMARC record checker looks up the single DNS TXT record at _dmarc.<domain> and explains each tag=value pair.
The p tag is the policy: none (monitor only — take no action), quarantine (send failing mail to spam) or reject (block it outright). Most domains start at p=none to gather reports, then escalate to quarantine and finally reject once they're confident every legitimate sender passes.
DMARC only passes when SPF or DKIM passes and is aligned — the authenticated domain has to match the visible From: domain. adkim and aspf control whether that match is r (relaxed) or s (strict). The rua address is where daily aggregate reports go, but DMARC still does not guarantee inbox placement or block every phishing attempt.
A DMARC record checker looks up the TXT record at _dmarc.domain, parses tags such as p, rua, ruf, adkim, aspf, pct, and sp, and explains the domain policy and reporting setup.
p=none monitors failures without taking action, p=quarantine asks receivers to send failing mail to spam, and p=reject asks receivers to reject failing mail. Roll out gradually after SPF and DKIM align.
rua receives aggregate XML reports that summarize DMARC pass and fail activity. ruf receives forensic failure samples when receivers support them, but many do not send ruf reports for privacy reasons.
No. DMARC helps receivers evaluate spoofed mail and alignment, but inbox placement also depends on reputation, content, sending infrastructure, list quality, and recipient engagement.