DMARC Policy Checker

Look up a domain's DMARC record, parse the policy strength (none, quarantine, reject), and check alignment, reporting, and percentage ramp.

What DMARC actually does

DMARC (RFC 7489) tells receiving mail servers what to do when a message claiming to come from your domain fails SPF or DKIM alignment. A strong DMARC policy means a spoofed message is reliably rejected before it ever lands in a recipient's inbox.

Policy strength ladder

1. p=none — monitoring only. Failures are still delivered. Good as a first step to collect reports, bad as a long-term posture.
2. p=quarantine — failures go to spam folder. Reasonable middle ground while you fix legitimate senders that fail alignment.
3. p=reject — failures are rejected at SMTP time. The intended end state.

Alignment modes

aspf=s / adkim=s = strict alignment: the SPF/DKIM domain must exactly match the From header domain. r = relaxed: subdomains are allowed. Most accounts should use r unless you have hard subdomain-isolation requirements.

Reporting addresses

The rua= tag tells receivers where to send daily aggregate reports — XML files summarizing every IP that sent mail "as you." Without rua=, you have zero visibility into which third-party senders are using your domain. Always set this. The ruf= tag receives forensic reports per failed message — useful but volume-heavy.