← Email Security Tools
DMARC Record Lookup
Check your domain's DMARC policy instantly. See whether your domain is protected against email spoofing and fraud.
Free DMARC Record Checker
Enter your domain to check your current DMARC policy and see how receiving servers will handle unauthenticated email.
What is a DMARC record?
DMARC is the policy layer that sits on top of SPF and DKIM. It tells receiving mail servers what to do when an email arrives claiming to be from your domain but fails authentication. Without DMARC, anyone can send email using your domain name and most receiving servers will deliver it. The three policy levels are none (monitor only), quarantine (send to spam), and reject (block outright). Your DMARC record also controls reporting — where aggregate data on who is sending as your domain gets delivered.
Enter your domain below to see your current DMARC policy, check for common configuration problems, and get a plain-language breakdown of every tag in your record.
Wolferdawg IT Consulting can review your DMARC policy, fix broken records, and help you move toward a reject policy without disrupting legitimate email.
DMARC record lookup — common questions
What does it mean if my domain has no DMARC record?
If the lookup returns no DMARC record, your domain has no published policy. Receiving mail servers have no instructions for what to do when someone sends email pretending to be from your domain. This leaves your business vulnerable to email spoofing and brand impersonation. Any criminal can send fake invoices, phishing messages, or fraud attempts using your domain name and most receiving servers will not block them.
What is the difference between DMARC policy none, quarantine, and reject?
A DMARC policy of none means the record is published for monitoring only and no action is taken on failing messages. Quarantine tells receiving servers to send failing messages to the spam folder. Reject instructs receiving servers to block failing messages outright and never deliver them. Most businesses start with none to collect reporting data, then move to quarantine, and eventually to reject once they are confident all legitimate sending sources are covered by SPF and DKIM.
My DMARC policy is set to none. Am I protected?
No. A DMARC policy of none means you are monitoring but not enforcing. Criminals can still send email spoofing your domain and receiving servers will not block it. The none policy is useful when you are first setting up DMARC and need to identify all your legitimate sending sources before moving to enforcement. If your policy has been on none for more than a few months and you have not moved to quarantine or reject, your domain is not protected.
Why is my DMARC record failing even though I have SPF and DKIM set up?
DMARC requires alignment between the domain in your From address and the domain validated by SPF or DKIM. If your email is routed through a third-party platform that signs messages under its own domain rather than yours, DKIM alignment will fail even if the signature itself is valid. This is a common issue with newsletter tools, invoicing software, and marketing platforms. The fix is to configure DKIM signing under your own domain within those platforms.
How do I read my DMARC record results?
Your DMARC record is a TXT record published at _dmarc.yourdomain.com. The key tags to look for are p= which is your policy (none, quarantine, or reject), rua= which is the address where aggregate reports are sent, and pct= which is the percentage of messages the policy applies to. If pct is less than 100, your policy is only being enforced on a portion of traffic. If rua is missing, you are not receiving any reporting data to monitor your email authentication results.
More free email security tools
Check and generate all three email authentication records.