ZonoTools
Home/Developer/DMARC Checker

DMARC Checker

Domain for DMARC

DNS lookups send the domain (or DKIM/DMARC host name) to this site's DNS API. Format checks for headers run locally in your browser.

How to use

  1. Enter the organizational domain that publishes DMARC (typically the domain in the visible From: address).
  2. Note the lookup host shown: _dmarc.yourdomain.com.
  3. Click Check DMARC to fetch TXT and parse tags — lookup runs only when you click.

FAQ

Where is DMARC published?

As a TXT record at _dmarc.example.com (the _dmarc label under the policy domain).

What does p=none mean?

Monitoring mode: receivers collect alignment data and may send aggregate reports (rua) but usually do not quarantine or reject based on DMARC alone.

What is the difference between p and sp?

p applies to the organizational domain; sp applies to subdomains when you want a different policy (e.g. stricter on www or mail subdomains).

Do I need rua?

rua is optional but strongly recommended — aggregate XML reports show SPF/DKIM alignment volume over time.

Does DMARC replace SPF or DKIM?

No. DMARC tells receivers what to do when SPF and/or DKIM alignment fails relative to the From: domain.

Introduction

DMARC tells receiving mail systems what to do when messages from your domain fail SPF or DKIM alignment with the visible From: domain. A DMARC checker reads the published policy at _dmarc.yourdomain.com so you know whether you are in monitor-only mode or enforcing quarantine/reject.

DNS is queried only when you click Check DMARC — not while you edit the domain field.

What is a DMARC record?

DMARC is a TXT record starting with v=DMARC1. Important tags include:

Tag Meaning
p Policy for the org domain: none, quarantine, or reject
sp Policy for subdomains (optional)
pct Percentage of failing mail subject to policy (default 100)
rua Aggregate report mailbox(es)
ruf Forensic (failure) report mailbox(es) — optional
aspf SPF alignment mode (r relaxed, s strict)
adkim DKIM alignment mode (r or s)

This tool surfaces parsed values and warnings (e.g. p=none in production, missing rua).

Key Features

  • Shows exact lookup host _dmarc.{domain}.
  • Button-triggered TXT fetch and tag parsing.
  • Human-readable policy and report URI fields.
  • Raw DMARC string with copy.
  • Empty default input; Sample for known domains.

Common Use Cases

  • Reading policy before moving from p=none to quarantine or reject.
  • Verifying rua after registering with a report collector.
  • Auditing subdomain policy (sp) vs apex (p).
  • Security reviews alongside SPF Checker and DKIM Checker.

Best Practices

  • Start with p=none and valid rua until reports show consistent SPF/DKIM pass rates.
  • Fix SPF includes and DKIM selectors before enforcement — DMARC fails when alignment fails.
  • Use strict alignment (aspf s / adkim s) only when you understand legitimate third-party send paths.
  • Subdomain policies matter for mail.company.com and product microsites — set sp intentionally.
  • DMARC does not fix inbound MX — use MX Lookup for receiver routing.

Related Tools

Disposable Email CheckerSPF CheckerDKIM CheckerEmail ValidatorMX LookupEmail Header Analyzer
Explore all Developer Tools