DMARC record check


In order to implement DMARC a valid DMARC record must be published. At DMARC Analyzer we provide a free to use tool called DMARC Record Check to display the DMARC record, test it and verify whether it’s valid. DMARC Record Check is free and easy to use. Just enter the domain name to perform the DMARC check. The DMARC Record Check will then parse the DMARC record and displays the DMARC record along with additional information.

Use the DMARC Record Check to test and lookup the DMARC record. Then evaluate each possible option and the ones that are implemented. DMARC Record Check will also verify and test if there are external domains in use.

Use the DMARC record checker to validate the DMARC record(s)

 


Need help on creating a DMARC record?

 
DMARC Analyzer is a pure play DMARC specialist with over 15 years of email deliverability experience. We provide user friendly DMARC Analyzer software and Mimecast DMARC Analyzer acts as a comprehensive guide to move towards a reject policy as fast as possible. Sign up for a free
 

Results of a DMARC Check


A DMARC test performed with DMARC Record Check will test and declare the following tags.

tag explanation
v DMARC protocol version.
p Apply this policy to apply to email that fails the DMARC check. Can be “none”, “quarantine”, or “reject”. “none” is used to collect the DMARC report and gain insight into the current email flows and their status.
rua A list of URIs for ISPs to send XML feedback to. NOTE: this is not a list of email addresses. DMARC requires a list of URIs of the form “mailto:[email protected]”.
ruf A list of URIs for ISPs to send forensic reports to. NOTE: this is not a list of email addresses. DMARC requires a list of URIs of the form “mailto:[email protected]”.
rf The reporting format for forensic reports. This can be either “afrf” or “iodef”.
pct The percentage tag instructs ISPs to only apply the DMARC policy to a percentage of failing email’s. “pct=50” will tell receivers to only apply the “p=” policy 50% of the time against emails that fail the DMARC check. NOTE: this will not work for the “none” policy, but only for “quarantine” or “reject” policies.
adkim Specifies the “Alignment Mode” for DKIM signatures, this can be either “r” (Relaxed) or “s” (Strict). In Relaxed mode also authenticated DKIM signing domains (d=) that share an Organizational Domain with an emails ‘From’ domain will pass the DMARC check. In Strict mode an exact match is required.
aspf Specifies the “Alignment Mode” for SPF, this can be either “r” (Relaxed) or “s” (Strict). In Relaxed mode also authenticated SPF domains that share an Organizational Domain with an emails ‘From’ domain will pass the DMARC check. In Strict mode an exact match is required.
sp This policy should be applied to email from a sub-domain of this domain that fails the DMARC check. Using this tag domain owners can publish a “wildcard” policy for all subdomains.
fo Forensic options. Allowed values: “0” to generate reports if both DKIM and SPF fail, “1” to generate reports if either DKIM or SPF fails to produce a DMARC pass result, “d” to generate report if DKIM has failed or “s” if SPF failed.
ri The reporting interval for how often the aggregate XML reports are send. This is a preference and ISPs could (and most likely will) send the report at different intervals (normally this will be daily).

 

use the DMARC Record Generator to generate the DMARC record
 
use the SPF Record Checker to display, test and verify the SPF record whether it’s valid
 
use the DKIM Record Checker to display, test and verify the DKIM record whether it’s valid

 

More information about DMARC

Originally the email authentication techniques DKIM and SPF helped to protect domains from malicious attacks. However cyber criminals can bypass these security measures. DMARC creates a link between SPF & DKIM in order to fully secure the domain and email channel. When a domain owner publishes a DMARC record into their DNS record, they will gain insight in who is sending email on behalf of their domain. This information can be used to get detailed information about the email channel. With this information a domain owner can get control over the email sent from the domain of the organization. An enforced DMARC record can be published to protect the domains against abuse in phishing or spoofing attacks. Please read more about DMARC.

Using the DMARC record checker

When a domain is submitted, the DMARC record checker will lookup the DMARC record from the DNS. The DMARC record checker gives an error message if no record is available or if it’s not valid. If a record is found, the DMARC record checker will display the DMARC policy (monitor, quarantine or reject). Read more about the DMARC Policies.

Please check the tags that are used within the table above. After performing a DMARC Record check, any problems will be displayed in the result.

What does DMARC compliant mean?

By authenticating email channels with DKIM and or SPF an organization can pass the DMARC check and become DMARC complaint. To become DMARC compliant, DKIM and or SPF must be set up aligned. Note that only DKIM or SPF must be set to be DMARC compliant. Read more about DMARC Compliant means.

Why DMARC reports are important

The SPF, DKIM, and DMARC alignment status is included within DMARC Aggregate reports. These Aggregate (RUA) reports are providing information on messages that are sent on behalf of a specific domain. These reports are needed in order to be able to gain insights into email channels that are sending email on behalf of a domain. With this information DMARC deployment specialists are able to determine which sending sources are legitimate and which are (possibly) malicious.

DMARC report

A forensic DMARC report provides more information. This report also includes the subject line, header information, URLs, and attachment information.

Start your DMARC journey today

Start with a 14 day free trial in order to gain comprehensive insights on your email channel. If there are any questions or more information about our service and packages is needed, please get a quote.

all information about DMARC
 
more information about DMARC Records
 
use the DMARC Record Generator to generate the DMARC record
 
use the record setup guides for guidance on how to set up the DMARC record for specific webhosts