Validates DMARC policy for email authentication
Validates DMARC (Domain-based Message Authentication, Reporting and Conformance) policy configuration.
This checker validates DMARC (Domain-based Message Authentication, Reporting and Conformance) policy configuration. It checks:
DMARC Record Presence: Verifies that a DMARC TXT record exists at _dmarc.domain
Valid DMARC Version: Confirms the record starts with v=DMARC1
Policy Enforcement: Validates the policy setting (p=quarantine or p=reject)
Reporting Configuration: Checks for reporting URIs (rua, ruf) for monitoring
Alignment Settings: Validates SPF and DKIM alignment requirements (aspf, adkim)
The checker performs DNS TXT record lookups and parses DMARC record syntax according to RFC 7489.
| Status | Condition | Test Logic | Description |
|---|---|---|---|
| SUCCESS | DMARC policy properly enforced | - DMARC record exists with valid syntax - Policy set to quarantine or reject - Reporting URIs configured - Proper alignment settings | Domain has enforced DMARC policy for email security |
| WARNING | DMARC policy in monitoring mode | - DMARC record exists but policy is none - Policy not fully enforced - Missing reporting configuration | DMARC policy is configured but not enforced |
| FAIL | DMARC policy missing or invalid | - No DMARC record found - Invalid DMARC syntax - Missing v=DMARC1 tag - Critical configuration errors | Domain lacks proper DMARC policy configuration |
| ERROR | Technical failure | - DNS lookup failed - Network connectivity issues - Invalid domain format | Technical error occurred during DMARC record validation |
If DMARC policies are missing or misconfigured, the following risks apply:
Email Spoofing: Attackers can send emails claiming to be from your domain
Brand Impersonation: Malicious actors can impersonate your organization in phishing campaigns
Email Deliverability Issues: Legitimate emails may be rejected or marked as spam
No Policy Enforcement: Emails failing authentication checks are not properly handled
Lack of Monitoring: No visibility into email authentication failures and abuse
Compliance Violations: Failure to implement DMARC may violate industry standards
Customer Trust Loss: Recipients may lose confidence in emails from your domain
Regulatory Issues: Some industries require DMARC implementation for compliance
Add this checker to your monitoring setup and start identifying issues on your websites today.