Check if your domain has a valid DMARC record and verify its enforcement level. Detect misconfigured or missing DMARC policies that leave your domain open to email spoofing.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that builds on SPF and DKIM. It tells receiving mail servers how to handle messages that fail authentication: monitor them (p=none), quarantine them (move to spam), or reject them outright.
Without a DMARC record, your domain is vulnerable to email spoofing. Attackers can forge the "From" address on emails to make them appear to come from your domain, enabling phishing attacks against your customers, partners, and employees. A properly configured DMARC policy is one of the most effective defenses against business email compromise (BEC).
DMARC also provides reporting capabilities. When you include a rua tag in your DMARC record, receiving servers send aggregate reports back to you, showing who is sending email on behalf of your domain — both legitimate services and unauthorized senders.
How to Set Up DMARC
Setting up DMARC requires adding a DNS TXT record at _dmarc.yourdomain.com. A basic starting record looks like:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
Start with p=none to collect data without affecting mail delivery. Once you've identified all legitimate email sources, move to p=quarantine and eventually p=reject for full protection.
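As an added example (not GuardHound's code), this Python sketch classifies the TXT value published at _dmarc.yourdomain.com by enforcement level and flags the gaps described above. The function names and sample records are constructed for illustration, and the pct tag comes from RFC 7489 rather than from this page.

```python
# Added example: classify a DMARC TXT record by enforcement level.
# Sample records below are constructed for illustration.

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Split a DMARC TXT value into a lowercase-keyed tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt):
    """Return (level, findings) for the TXT value at _dmarc.<domain>."""
    if not txt or not txt.strip():
        return "missing", ["no DMARC record published"]
    # RFC 7489: the v tag must come first and equal DMARC1 exactly
    first = txt.split(";", 1)[0].replace(" ", "")
    if first != "v=DMARC1":
        return "invalid", ["record does not start with v=DMARC1"]
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid", ["missing or unknown p= tag: %r" % policy]
    findings = []
    if policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua tag, so no aggregate reports are sent")
    # pct (RFC 7489, not covered on this page) applies the policy to a sample
    pct = tags.get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        findings.append("pct=%s: policy applied to only part of failing mail" % pct)
    return policy, findings


SAMPLES = [  # constructed records
    "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com",
    "v=DMARC1; p=reject; pct=25",
    "v=spf1 include:_spf.example.com ~all",
    "",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(repr(record), "->", assess_dmarc(record))
```

An empty findings list with a level of quarantine or reject is the target state; anything else shows what still needs tightening.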
Frequently Asked Questions
What is DMARC and why does my domain need it?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that tells receiving mail servers what to do when a message fails SPF or DKIM checks. Without DMARC, anyone can send emails that appear to come from your domain, enabling phishing attacks against your customers and partners.
What does a DMARC policy of "none" mean?
A DMARC policy of "none" (p=none) means you are only monitoring — emails that fail authentication are still delivered. This is a good starting point for collecting data, but it provides no protection against spoofing. You should aim to move to "quarantine" or "reject" once you've verified your legitimate email sources.
How do I fix a missing DMARC record?
Add a TXT record to your DNS with the host "_dmarc" and a value like "v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com". Start with p=none to collect reports, then tighten the policy to quarantine or reject after reviewing the data.
Does DMARC work without SPF and DKIM?
DMARC relies on SPF and/or DKIM for authentication. Without at least one of these in place, DMARC cannot validate any messages. For best results, configure both SPF and DKIM before deploying a DMARC policy.
Is this DMARC checker really free?
Yes, completely free. Enter any domain and get instant DMARC analysis without creating an account or entering a credit card. For continuous monitoring and alerts when your DMARC config changes, sign up for a GuardHound account.
Get alerts when your DMARC config changes
GuardHound monitors your domain's email authentication around the clock and alerts you the moment something changes.