DMARC tells receivers how to handle mail that fails SPF or DKIM alignment checks.

No. p=none is often used for monitoring, but it does not request quarantine or reject handling.

Does DMARC prove a message is safe?

No. DMARC is one email-authentication signal and does not prove message intent or complete safety.

Email Security Tool

DMARC Checker

Look up a domain's DMARC TXT policy and review policy, reporting, and alignment signals. This is a DNS policy check, not a complete email security audit.

Check DMARC

Enter a domain to check DMARC.

Technical response details (optional)

What the results mean

DMARC records live at _dmarc.example.com. The p tag can be none, quarantine, or reject. Reporting tags such as rua help domain owners monitor results.

How to use this tool

Enter the domain you want to check.
Review the policy and reporting fields.
Compare with SPF and MX records for broader email context.

FAQ

Where is the DMARC record stored?

It is a TXT record under _dmarc for the domain.

Should every domain use p=reject?

Not immediately. Many domains start with monitoring and move carefully after reviewing legitimate mail sources.

Does this check DKIM selectors?

No. DKIM selectors vary by sender. Use DNS Lookup if you know the selector name.

B2B diagnostic report model

Email domain diagnostics

Email checks connect MX, SPF, DMARC, optional DKIM selector records, PTR/rDNS, sender-IP context, blacklist context, and email-header evidence.

SummaryStart with a plain-language status for the public target.

Top issuesPrioritize the few findings that need attention first.

What passedShow expected public signals without turning them into a certification.

What needs reviewSeparate limited, unavailable, and review-worthy signals.

Why it mattersExplain the business, delivery, crawl, or implementation impact.

Recommended fixesPoint to the DNS, hosting, email, CMS, or SEO owner who can act.

What this tool cannot checkThis does not send mail, inspect private mailboxes, guarantee inbox placement, or certify sender reputation everywhere.

Client-safe copyClient-safe copy should keep authentication findings and fixes while removing email local-parts, raw TXT payloads, raw sender IP details, and private mailbox context.

Monitoring beta (optional)Optional monitoring beta can compare MX, SPF, DKIM selector checks, DMARC policy, PTR/rDNS, and selected blacklist signals for approved domains.

Client-safe report

Share findings without leaking raw technical material

Use Safe Copy or this page's summary when sending results to a client, vendor, developer, or support team. Raw headers, credentials, tokens, cookies, private addresses, email local-parts, and oversized payloads should stay out of client-facing copy.

Review Safe Copy Ask about monitoring beta

Check my email domain

What this checks

Public mail-domain records and pasted email-header signals such as MX, SPF, DMARC, DKIM selector context, and sender-route clues.

Limits

What this cannot check

It cannot guarantee inbox placement, inspect private mailboxes, or certify sender reputation everywhere.

Read results

How to use the output

Treat results as review signals for this browser/session or public target. Re-test after one change, then use Safe Copy or notes that avoid raw identifiers.