DMARC record checker

DMARC ties SPF and DKIM together and tells receivers what to do with mail that fails authentication. Enter a domain to read its DMARC record at _dmarc, its policy strength, and its reporting configuration.

Runs the full report, including this check.

What the DMARC check covers

Why the policy strength matters

A policy of none only monitors; it does not stop spoofing. Moving to quarantine and then reject is what actually protects a domain from being impersonated. scan.mx caps the grade when DMARC is missing, since it is the piece that makes SPF and DKIM enforceable.

Frequently asked questions

What DMARC policy should I use?
Start at p=none with rua reporting to observe your mail streams without affecting delivery. Once SPF and DKIM cover all legitimate sources, move to p=quarantine and then p=reject to block spoofing.
What is DMARC alignment?
Alignment requires the domain in the From header to match the domain validated by SPF or DKIM. Without alignment, a message can pass SPF or DKIM for a different domain and still spoof yours. DMARC only passes when at least one aligns.