Skip to content
DevKit Labs

DMARC Record Checker & Analyzer

Look up and explain a domain's DMARC record — policy, reporting and alignment — on our server.

This tool runs on our server. Because a browser can't perform this network lookup, the value you enter is sent to DevKit Labs to run the check — we don't store your queries. A local desktop version that runs from your own machine is planned.

About DMARC Record Checker & Analyzer

Enter a domain to fetch its DMARC record (the TXT record at _dmarc.yourdomain) and see every tag explained: the enforcement policy (p=none, quarantine or reject), the subdomain policy, the aggregate/forensic reporting addresses (rua/ruf), the percentage applied, and SPF/DKIM alignment. A clear badge shows how strict the policy is.

DMARC builds on SPF and DKIM to tell receivers what to do with mail that fails authentication. Because browsers can't query DNS, the lookup runs on our server over DNS-over-HTTPS; we don't store the domains you check.

Explain a DMARC record

Input
example.com
Output
v=DMARC1; p=reject; rua=mailto:reports@… → reject failing mail, send reports

p=reject is the strongest; p=none only monitors.

Frequently asked questions

What is a DMARC record?

A TXT record at _dmarc.yourdomain that tells receiving mail servers how to handle messages that fail SPF/DKIM, and where to send reports.

What do p=none, quarantine and reject mean?

p=none only monitors (no action); p=quarantine sends failing mail to spam; p=reject blocks it outright. Reject is the strongest protection against spoofing.

What are rua and ruf?

rua is the address for aggregate (summary) reports; ruf is for forensic (per-failure) reports. They let you monitor who's sending mail as your domain.

Why does this run on your server?

The DMARC record lives in DNS, which a browser can't query, so we resolve it server-side over DNS-over-HTTPS. The domain you enter is sent to our server; we don't store it.

Related tools

References