DMARC Checker
Checks a domain’s DMARC record — the policy that tells receiving servers what to do when a
message fails SPF and DKIM, and where to send authentication reports. DMARC lives at
_dmarc.{domain}.
Try it: sendlucid.com/dmarc-checker
What you give it
A domain.
What it checks
- A DMARC record exists.
- The policy (p=): none (monitor only), quarantine (send failures to spam), or reject (block failures). reject is full enforcement.
- Reporting addresses — aggregate (rua=) and forensic (ruf=).
- The sampling percentage (pct=) the policy applies to.
It returns the record, the parsed tags, and any issues.
Why it matters
DMARC ties SPF and DKIM together and is what stops others from spoofing your domain. It’s also a prerequisite for BIMI. Gmail and Yahoo now require DMARC for bulk senders.
How to read it
p=none means you’re only monitoring — fine to start, but you’re not protected. Move toward
p=quarantine then p=reject once your reports show legitimate mail passing. Always set rua=
so you can see what’s failing before you enforce.
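The checks and reading guidance above, as an added example that is not the checker's own code: a parser that takes the TXT value already fetched from _dmarc.{domain} and returns the parsed tags and any issues. The function names, the issue wording and the example.com sample records are assumptions constructed for illustration.

```python
# Added example: parses a DMARC TXT value and reports issues.
# Not the checker's own code; names and issue wording are assumptions.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Split a DMARC TXT value into a tag dict (tag names lower-cased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def check_dmarc(txt):
    """Return (tags, issues) for one TXT string; tags is {} if not DMARC."""
    if not txt or not txt.strip().lower().startswith("v=dmarc1"):
        return {}, ["no DMARC record (value must start with v=DMARC1)"]
    tags = parse_dmarc(txt)
    issues = []
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        issues.append("p= missing or invalid: %r" % tags.get("p"))
    elif policy == "none":
        issues.append("p=none: monitoring only, no enforcement")
    if "rua" not in tags:
        issues.append("no rua= address: aggregate reports are not collected")
    else:
        for uri in tags["rua"].split(","):
            if not uri.strip().lower().startswith("mailto:"):
                issues.append("rua= entry is not a mailto: URI: %s" % uri.strip())
    pct = tags.get("pct", "100")  # pct defaults to 100 when the tag is absent
    if not pct.isdecimal() or not 0 <= int(pct) <= 100:
        issues.append("pct= must be an integer 0-100, got %r" % pct)
    elif int(pct) < 100 and policy in ("quarantine", "reject"):
        issues.append("pct=%s: policy applies to only part of failing mail" % pct)
    return tags, issues

# Constructed sample records (example.com is a placeholder domain).
SAMPLES = {
    "monitoring": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "partial": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com",
    "enforced": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; ruf=mailto:f@example.com",
    "not_dmarc": "v=spf1 -all",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, *check_dmarc(record))
```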