What is DMARC?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email validation system designed to detect and prevent email spoofing. It builds on SPF and DKIM by adding a reporting and compliance policy.
How This Tool Works:
- The tool queries the DMARC TXT record at _dmarc.example.com for the specified domain.
- It parses the DMARC record to display key tags such as v (version), p (policy), rua (aggregate report URI), and others.
- If the record is missing or misconfigured, the tool displays appropriate warning messages.
Interpreting Results:
- Successful Retrieval: You will see the raw DMARC record and its parsed tags. For example:
In the above example:
- v confirms the DMARC version.
- p is set to "reject", meaning emails that fail DMARC checks should be rejected.
- rua specifies where aggregate reports should be sent.
- aspf indicates that SPF alignment is relaxed.
- No DMARC Record or "The domain does not exist":
If you see an error message like "The domain does not exist," it usually means that the domain could not be resolved—either because it is unregistered, mistyped, or its DNS records are not set up. A missing DMARC record will also be noted if the domain is found but does not publish DMARC data.
Best Practices:
- Ensure that your DMARC record starts with v=DMARC1.
- Set a clear email policy using the p tag (options: none, quarantine, or reject).
- Always include a reporting address via the rua tag to receive feedback on email authentication.