DMARC checker

Look up DMARC records for your domain.

What is a DMARC checker?

Domain-based Message Authentication, Reporting, and Conformance (DMARC) checker is a DNS TXT record that lists the email authentication methods available for a particular domain. This record, which is built on top of SPF and DKIM, guides the email server on the action that needs to be taken when an email fails both SPF and DKIM authentication checks. For example, DMARC can block emails from an address that isn’t authorized to send emails using a specific domain name.

DMARC policy

The DMARC policy defines the action that needs to be taken when the email fails authentication checks. These policies are in machine-readable format, making it difficult for humans to understand. The policy is denoted by a “p” tag, which lets the server know if that particular email should either be blocked, sent to spam, or pass through the filter. If no DMARC record exists for a domain, the emails will be delivered to the inbox but will end up in spam folder.

DMARC report

The DMARC report contains a set of instructions on when and how often reports need to be generated and sent to the domain’s owners. These reports act as a crucial source of information because they help the domain owner analyze their DMARC policies and alter them to protect their site from spammers.

How to check a DMARC record

Because these DMARC records are critical in the email authentication process, all of the domain’s owners will be creating and updating the same in their domain host section. Once these records are created, you can use tools like Zoho Toolkit to check if the records have been updated for your particular domain.

Components of a DMARC record

A typical DMARC record will contain a name, type, and content followed by its Time to Live (TTL) value. For example, here’s how a DMARC record for a domain (abc.com) might look:

NameTypeContentTTL
_dmarc.abc.comTXTv=DMARC1; p=quarantine; adkim=s; aspf=r; rua=mailto:report@abc.com12300

Name:

This field contains the name of the particular DMARC record.

Type:

This field defines the record as TXT, because all SPF, DKIM and DMARC are defined under a TXT record.

Content:

The content section holds the DMARC policy information.

1. v=DMARC This indicates that the policy must be interpreted as a DMARC record.

2. p=quarantine: The p-value defines the action that must be taken when the email fails the SPF and DKIM checks. The value p=quarantine holds the email back until manual action is taken. When p=none, the emails will be moved to the inbox, and p=reject will prevent the email from being delivered.

3. adkim/aspf The adkim and aspf values define the checking mechanism of the SPFand DKIM records. adkim=s makes the check stricter while adkim=r will make it more relaxed. The same format holds for SPF records as well.

4. rua=mailto:report@abc.comf This will send the generated email to the address mentioned in the content.

TTL:

Time To Live lets the server know the lifetime of the record before it needs an update.

Frequently Asked Questions

  • Are DMARC records needed for domains that don’t participate in email communication?

    Yes, even if the domain isn’t used for email transmission, it’s still necessary for domain owners to configure the DMARC record because this prevents scammers from using their domain.
  • How do I perform a DMARC lookup for my domain?

    With the help of Zoho Toolkit's DMARC lookup tool, you can type in the domain name for the record that needs to be looked up, and Toolkit returns the DMARC record with its host name, entry (DMARC policy), and TTL.
  • What are the different alignment modes in DMARC?

    There are two different alignment modes for a DMARC record—strict mode and relaxed mode. Strict mode requires the SPF and DKIM records to have an exact match between the relevant domain and the domain mentioned in the header, whereas an exact match may not be necessary in relaxed mode.
  • How do I add a DMARC record?

    Before adding a DMARC record, make sure that the SPF and DKIM records for your domain are configured. You can add/update the DMARC record under the TXT type on your domain host.
  • Are BIMI and DMARC the same?

    While they’re related, Brand Indicators for Message Identification (BIMI) and DMARC are not the same. However, BIMI is built on top of a DMARC record. While BIMI is mainly used for visual branding and letting the user know that the email is sent from a legitimate company, DMARC is used mainly for email authentication purposes.