DMARC Record Checker- Verify Your DMARC Records for errors

Analyze Your Domain's DMARC Record for Improved Email Deliverability and Performance

Status Valid: Your DMARC record is in good shape. No further action is needed.
Invalid: Your DMARC record has issues. Utilize our DMARC generator to resolve them.
No Record: You haven’t published a DMARC record. Create and publish a new one.
Domain Policy None: You are in monitoring mode, allowing the analysis of emails without preventing illegitimate ones from reaching recipients' mailboxes.
Quarantine: Illegitimate emails will be directed to recipients’ junk/spam folders but won’t be completely rejected.
Reject: You have successfully enforced DMARC to the highest policy, and illegitimate emails are now being blocked.
Invalid: Your policy has typos or other issues. Review and correct the policy.
ProDMARC Reporting Active: Reports from your domain are being received. View the data in your dashboard.
Inactive: We’re not receiving reports from your domain. Generate a new DMARC record and add our RUA tag to start receiving reports.

Additional Information

Tag Value Description

Read More

What Is DMARC?

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication policy and reporting protocol. When implemented at an enforcement policy, only authorised senders can send email using the domain in the "from" field.

DMARC also includes a reporting mechanism. Email receivers can tell the domain about whether or not the email they have received, passed or failed authentication. These reports let the domain owner or their DMARC vendor see who is using the domain to send email. Domain owners can use this information to fine-tune their email authentication policy to permit only trusted senders to send email on behalf of the domain.

DMARC (Domain-based Message Authentication Reporting and Conformance) is designed to protect your company’s email domain from being used for email spoofing, phishing scams and other cybercrimes. DMARC take the advantage of the existing email authentication techniques, SPF (Sender Policy Framework) & DKIM (Domain Keys Identified Mail).

Why is DMARC important?

Email is involved in more than 90% of all network attacks and without DMARC, it can be hard to find out the email is real or fake.

DMARC makes it easier for Internet Service Providers (ISPs) to prevent malicious email practices, such as domain spoofing in orderto phish for recipients' personal information. Essentially, it allows email senders to specify how to handle emails that were not authenticated using SPF or DKIM.

How does DMARC help the End User / Consumer?

DMARC makes it easier for Internet Service Providers (ISPs) to prevent malicious email practices, such as domain spoofing in orderto phish for recipients' personal information. Essentially, it allows email senders to specify how to handle emails that were not authenticated using SPF or DKIM.

How to implement a DMARC Reject policy on your domain

Below are the 5 steps to help you successfully implement DMARC in Reject Policy.

1. Setting up a DMARC record to policy none (monitoring):
The first step is to begin monitoring your domain with DMARC. Create a policy and set it to None. This allows you to receive DMARC reports without impacting your mail flow. ProDMARC provides users with DMARC reports, which provide information needed to configure your SPF and DKIM.

2. Monitoring the DMARC reports:
Once you have setup DMARC record for your domain, we suggest you to wait for 1-2 weeks so that you have substantial amount of data to start working. These reports will show the information of the sending servers along with IP address, SPF domain(envelope-from/return-path), SPF alignment staus, DKIM selector and it also shows which emails have passed or failed DMARC. Based on the DMARC data received, we will have to identify all the authorised senders and then add the IP address of them in our SPF record and enable DKIM signing and public key addition in our DNS. It’s important to carefully interpret reports. Don’t automatically add all the senders from your DMARC report to your SPF record. It’s likely that some of the “senders” are actually forwarder- email servers that receive email from your senders and then forward it on to another inbox. We at ProDMARC help you identify these kind of things thereby decreasing the time spent in None mode.

3. Move to the Quarantine Policy :
Now that we have made all the genuine senders DMARC compliant, we can move to the second mode i.e Quarantine. A Quarantine policy sends unauthenticated email to spam folder of the end recipient. We recommend to update the DNS to “quarantine” with small percentages. Starting with 10% and monitor the statistics if nothing weird occurred. Once we are confident that all our authorised senders are fully compliant we can migrate our domain to the final phase of DMARC i.e Reject.

How to fix "No DMARC record found"?

When you see "No DMARC record found" for your domain, means you have not added the DMARC TXT record in your DNS. Fixing “No DMARC record found” means adding a TXT DNS record in according to DMARC specification. The basic DMARC record can be as simple as the following:

v=DMARC1; p=none;

What does DMARC compliant mean?

Using DMARC policies protect your domains against scams and brand abuse. In order to achieve this, your emails need to be DMARC compliant. By setting up DKIM or SPF you can achieve DMARC compliance.

In order to become DMARC compliant, either DKIM or SPF has to be setup correctly and aligned. Note that, when you setup DKIM and SPF and one of the two fails, your email will still be DMARC compliant and pass the DMARC checks. Only setting up DKIM or SPF is not enough. It is important to make sure that DKIM and or SPF alignment, without alignment an email cannot be DMARC compliant.


There is a thin line of difference between Phishing and Spoofing. Spoofing is where the attacker first spoofs or steals the identity of a real-time user, and then contacts the user. The objective of communicating with the end-user is to get their personal and sensitive information from the user. So, basically, the attacker acts like someone who exists in the real world and is a legitimate user. This is an example of identity theft.

This is very risky because attackers typically target big enterprises and large organizations; steal the information and then connect with the target group to hack their systems and steal their personal data. Here too, attackers use the latest software systems to get your email address and ids.

1. Email Spoofing includes stealing the ‘from address’ in the email so that the email appears genuine.
2. Website spoofing is when attackers take over an existing website and change the address or set up fake websites.
3. IP Spoofing is related to stealing or hiding the IP address to conceal their identity.
4. Caller ID Spoofing involves a phone number. Such numbers look genuine, and the receiver receives the call, and he is asked to reveal his personal information.
5. DNS Server Spoofing is when cybercriminals direct the traffic to an IP address that contains malware.

1. One of the typical examples is when hackers hack a complete website by changing the IP address of the site.
2. A website that looks like a banking website asks you to log in, but when you do, you realize that your account has been stolen.

Incoming DMARC configuration for Microsoft 365 Exchange Online platform

To read about Incoming DMARC configuration for Microsoft 365 Exchange Online platform, So download below PDF.

ARC – Authenticated Received Chain

To read about ARC – Authenticated Received Chain, So download below PDF.


Discover all Progist tools to enhance domain security and email delivery.

Lookup tools

Other tools

Our Services & Expertise

Spoof proof your inbox with Progist Email Secure Suite.

Start Free   Contact us