DMARC Checker
Check any domain's DMARC, SPF, and DKIM records. Verify email authentication policy enforcement and alignment.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) tells receiving mail servers what to do when an email fails SPF and DKIM checks. Without it, anyone can send email pretending to be your domain — a technique used in 90%+ of phishing attacks.
What is SPF?
SPF (Sender Policy Framework) is a DNS TXT record that lists which mail servers are authorized to send email on behalf of your domain. If a message comes from an unauthorized server, SPF tells the receiver to reject or flag it.
What is DKIM?
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every email your domain sends. The receiving server verifies the signature against a public key in your DNS, proving the email hasn't been tampered with in transit.
Why do I need all three?
SPF validates the sender. DKIM validates the content. DMARC ties them together and tells receivers what to do on failure. Without all three, your domain is vulnerable to email spoofing, phishing impersonation, and deliverability issues. Most insurers and auditors now require DMARC enforcement.
FAQ
Frequently asked questions
Is this DMARC checker free?+
Yes, completely free. Check any domain's DMARC, SPF, and DKIM records instantly — no signup, no credit card.
What does DMARC p=none mean?+
p=none means DMARC is in monitoring mode. Failing emails are reported but not blocked. This is useful during initial setup, but you should move to p=quarantine or p=reject within 2-4 weeks to actually protect against spoofing.
How do I set up DMARC?+
Add a TXT record at _dmarc.yourdomain.com with the value: v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com — then monitor the aggregate reports. Run a full CQwerty Shield scan for domain-specific copy-paste instructions.
My domain has no DMARC record — is that bad?+
Yes. Without DMARC, anyone can send email as your domain and receivers have no policy guidance. This makes phishing trivial and can damage your domain's sending reputation. It's one of the most common and dangerous misconfigurations we find.
DMARC Checker is just the start.
CQwerty Shield checks SSL, DMARC, SPF, DNS, HTTP headers, WHOIS, breach intel, and more — with CVE/KEV cross-references on every finding.
Free full scan — no signup →