Utinzo

DMARC Record Checker

Check and analyse the DMARC policy for any domain to understand how email authentication failures are handled.

Did this tool work for you?

AdSense336 × 280
AdSense336 × 280

How to use this calculator

  1. 1

    Enter the domain name whose DMARC policy you want to check.

  2. 2

    Click "Check Now" to query _dmarc.yourdomain.com.

  3. 3

    The tool parses all DMARC tags: policy, subdomain policy, reporting addresses, and alignment modes.

  4. 4

    A "reject" policy is the strongest; "none" is monitor-only.

AdSense · 728 × 90

Frequently asked questions

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a DNS policy that builds on SPF and DKIM. It tells receivers what to do when emails fail SPF/DKIM checks (none, quarantine, or reject) and where to send reports about authentication failures.

What is the difference between p=none, quarantine, and reject?

none: take no action but send reports (monitoring mode). quarantine: deliver to spam folder. reject: block the message entirely. Most organizations start with none to monitor, then move to quarantine, then reject once confident all legitimate senders are configured correctly.

What are rua and ruf addresses?

rua (aggregate reports) receives daily XML summaries of all emails processed under your DMARC policy — shows pass/fail statistics by sender. ruf (forensic reports) receives copies of individual failing messages. Both use mailto: URIs. Aggregate reports are more commonly used.

What is DMARC alignment?

Alignment means the domain in the From header must match the domain used in SPF or DKIM. Relaxed alignment (adkim=r / aspf=r) allows subdomain matches. Strict alignment (adkim=s / aspf=s) requires an exact match. Relaxed is the default and usually sufficient.

About dmarc record checker

DMARC Record Checker — Analyse your email policy

Why DMARC matters

Without DMARC, fraudsters can send emails that appear to come from your domain — phishing, brand abuse, and business email compromise. DMARC closes the gap that SPF and DKIM leave: it enforces alignment and gives you visibility through reporting.

Road to p=reject

Start with p=none and rua=mailto:reports@yourdomain.com. Monitor aggregate reports for 2–4 weeks to identify all legitimate sending sources. Add SPF/DKIM for any missed senders. Gradually move to p=quarantine with pct=10 (10% of messages), increasing pct to 100. Then switch to p=reject.

DMARC Record Checker – Utinzo

Learn more from an authoritative source:

MDN Web Docs
Related tools

JSON Formatter & Validator

Format, validate, and minify JSON — with clear error messages for invalid input.

Base64 Encoder / Decoder

Encode plain text to Base64 or decode Base64 strings back to readable text.

URL Encoder / Decoder

Encode special characters in URLs (percent-encoding) or decode percent-encoded URLs.

UUID Generator

Generate UUID v4 (random) identifiers — one or in bulk.

See all Developer Tools tools

Results are estimates for informational purposes only and do not constitute professional financial, medical, legal, or technical advice. Read full disclaimer →