Tools / DMARC Check
DMARC Check
See what happens to email that tries to impersonate your domain.
What does all this mean?
This tool checks whether your domain has a valid DMARC record, what happens to email that fails authentication while claiming to be from you, and whether you are collecting reports on impersonation attempts.
What is DMARC, in one minute?
DMARC builds on SPF and DKIM. It tells inbox providers what to do when a message fails those checks: do nothing, quarantine it, or reject it. It also gives you reports on who is sending as your domain.
Without DMARC, you have no enforcement and no visibility.
Glossary: what each part means
v=DMARC1 - version marker, always present at the start.
p= - main policy: none monitors only, quarantine sends failures to spam/junk, and reject blocks failures outright.
sp= - subdomain policy, used for addresses like anything.example.com.
pct= - percent of failing mail the policy applies to.
rua= - where aggregate reports are sent. This is the main reporting address most domains should have.
ruf= - where forensic reports are sent. These are less common and may include more sensitive message details.
adkim / aspf - alignment settings for DKIM and SPF. Relaxed alignment allows close domain matches; strict alignment requires an exact domain match.
What’s the right rollout?
Start at p=none with a rua address to gather reports. Confirm your legitimate mail passes SPF and DKIM, then move to p=quarantine, then p=reject.
Related reading: Why your business email lands in spam.