Logo
Free DMARC Checker Tool

DMARC Checker

Enter any domain to check its DMARC record. We validate your policy, inspect alignment settings, check reporting destinations, and flag anything that could leave your domain unprotected.

What Your Results Mean

Understanding Your DMARC Check

Here's what each result means and what to do next.

DMARC Pass

Your DMARC policy is properly configured and enforcing

A passing result means your DMARC record exists, your policy is actively protecting your domain, and your reporting is configured so you have visibility into authentication results. Make sure your SPF and DKIM records are also properly set up, DMARC depends on both.

  • Valid DMARC record found
  • Policy is set to quarantine or reject
  • Aggregate reporting is configured
  • SPF and DKIM alignment is set
Check Your SPF NextCheck Your DKIM
Common DMARC Issues

Common DMARC Problems and How to Fix Them

These are the DMARC problems we see most often. If your check flagged any of these, here's what they mean and how to fix them.

Policy Stuck on None

The most common DMARC gap

The majority of domains with DMARC still have their policy set to p=none — which means they're collecting data but not actually protecting against spoofing. None is the right place to start, but staying there indefinitely gives you no more protection than having no DMARC at all. The path to enforcement requires reviewing aggregate reports, aligning all legitimate senders, then progressively tightening the policy.

p=none only monitors — it doesn't block anythingSpoofing and phishing continue uninterruptedFix: review your reports, align senders, then move to quarantine
How to progress your policy (Coming Soon)

Missing Report Destinations

Flying blind on authentication

DMARC reporting is what makes the protocol actionable. Without aggregate reports (rua), you can't see which services are sending email as your domain or whether they're passing authentication. Without that data, you can't safely progress your policy — because you don't know what you'd break. Adding rua is the single most impactful first step.

Without rua, you have no visibility into who's sending as your domainWithout ruf, you can't diagnose individual authentication failuresFix: add a rua tag pointing to a mailbox or DMARC monitoring service
How to read DMARC reports (Coming Soon)

SPF or DKIM Alignment Failures

Passing auth but failing DMARC

DMARC doesn't just check whether SPF or DKIM pass — it checks whether the authenticated domain aligns with the From header domain. A message can pass SPF and DKIM but still fail DMARC if the domains don't match. This is especially common with third-party senders like marketing platforms and CRMs that use their own domains for the envelope sender or DKIM signature.

SPF and DKIM can pass but still fail DMARC if alignment is offThird-party senders are the most common source of misalignmentFix: configure DKIM signing with your domain, or switch SPF to relaxed alignment
How to fix alignment (Coming Soon)

No DMARC Record Found

No protection at all

If no DMARC record exists for your domain, receiving servers have no way to know what you want them to do when SPF or DKIM fails. That means anyone can forge emails from your domain and there's no policy stopping them. Publishing even a basic p=none record with aggregate reporting is a significant improvement — it gives you visibility and signals to receivers that you're working on authentication.

Without DMARC, receivers have no policy to enforceYour domain is fully exposed to spoofing and phishingFix: publish a DMARC TXT record at _dmarc.yourdomain.com
Set up DMARC now (Coming Soon)
Why It Matters

Why DMARC Matters for Your Business

DMARC is the policy layer that actually stops email spoofing. Without it, SPF and DKIM are suggestions, not enforcement.

Your Domain Gets Used in Phishing Attacks

Without DMARC enforcement, attackers can send emails that appear to come from your domain, targeting your clients, vendors, and employees. You won't even know it's happening until someone reports it.

Legitimate Emails Land in Spam

Major inbox providers like Google and Yahoo now require DMARC for bulk senders. Without a valid record, your marketing emails, transactional messages, and even internal communications can be deprioritized or filtered.

You Have No Visibility Into Your Email

Without DMARC reporting, you can't see who's sending email as your domain. Shadow IT, forgotten services, and unauthorized senders go undetected, until they cause a deliverability or security incident.

Compliance and Insurance Requirements

Cyber insurance underwriters and compliance frameworks like SOC 2, HIPAA, and CMMC increasingly expect DMARC enforcement. A missing or weak DMARC policy can complicate renewals, audits, and vendor questionnaires.
See How iO DMARC Helps
Complete Protocol Coverage

Check Your Full Email Authentication with iO™ DMARC

SPF is one piece of the puzzle. Use these tools to check the rest of your email authentication stack.

SPF

SPF Checker

Validate your SPF record and confirm which servers are authorized to send on your behalf. DMARC relies on SPF alignment to verify the envelope sender.

Check SPF
DKIM

DKIM Checker

Verify your DKIM signature to make sure outgoing emails are cryptographically signed. DMARC uses DKIM alignment to verify message integrity.

Check DKIM
BIMI

BIMI Checker

See if your domain qualifies to display your brand logo in supported inboxes. BIMI requires a DMARC policy of quarantine or reject to be eligible.

Check BIMI
MTA-STS

MTA-STS Checker

Check whether your domain enforces encrypted email delivery. MTA-STS protects the transport layer, while DMARC protects the authentication layer.

Check MTA-STS
TLS-RPT

TLS-RPT Checker

Verify your TLS reporting setup. Just like DMARC gives you authentication reports, TLS-RPT gives you visibility into encrypted delivery failures.

Check TLS-RPT
Email Audit

Email Authentication Audit

Get a complete picture of your SPF, DKIM, DMARC, BIMI, and MTA-STS configuration in one report. See what’s working, what’s broken, and what to fix first.

Run Free Audit

Ready to secure your email domain?

SPF is just the first layer. iO™ DMARC manages your entire email authentication stack, so you don't have to.

Get Started with iO™ DMARCSchedule a Demo
Learn More

Learn About DMARC

Want to go deeper? These guides explain how DMARC works, how to set it up, and how to troubleshoot common problems.

How to Set Up DMARC

A step-by-step guide to creating your DMARC record, configuring reporting, and progressively tightening your policy from none to reject.
Coming Soon

DMARC Failure Troubleshooting

Common reasons DMARC fails — alignment issues, missing records, policy conflicts — and how to fix each one without breaking legitimate email.
Coming Soon

How to Read DMARC Reports

A beginner-friendly guide to understanding aggregate and forensic DMARC reports — what the data means and how to act on it.
Coming Soon
Explore iO DMARC

Ready to Fix Your Email Authentication?

Found issues with your DMARC record? Or just want someone to handle email authentication so you don't have to think about it? Let's talk.

Done Wrestling with Raw DMARC Reports?

iO™ DMARC turns aggregate and forensic XML into plain-language dashboards, discovers every sender on your domain, and guides your policy from p=none to p=reject without breaking legitimate email.

Meet iO™ DMARC
Free DMARC record review
Full SPF, DKIM, and DMARC setup
Managed policy progression to p=reject
Ongoing monitoring and reporting included