Where is a DMARC record published?

A DMARC record is published as a TXT record at _dmarc.example.com for the domain being checked.

What does the DMARC p tag do?

The p tag tells receiving systems what policy to apply to mail that fails DMARC checks, with valid values of none, quarantine, and reject.

Why should DMARC be rolled out carefully?

Moving too quickly to quarantine or reject can block legitimate mail if SPF or DKIM alignment is not already working correctly.

DMARCPROBLEM.comDMARC Record Analysis

About DMARC

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It is an email authentication policy that domain owners publish in DNS to tell receiving mail servers what to do when mail fails SPF and DKIM alignment checks.

A DMARC record is typically published at _dmarc.example.com and works alongside SPF and DKIM rather than replacing them.

Why It Is Used

DMARC helps domain owners define an explicit policy for unauthenticated mail and enables reporting so they can see how their domain is being used across the email ecosystem.

It is one of the key layers in modern email authentication because it ties SPF and DKIM to domain alignment and policy enforcement.

How It Goes Wrong

DMARC records commonly go wrong when the syntax is malformed, the policy tag is missing or invalid, alignment tags are incorrect, or the record is published more than once. Problems also happen when a domain publishes DMARC before SPF and DKIM alignment are working properly.

Common failure points include no DMARC record at all, duplicate DMARC records, broken tag syntax, invalid p or pct values, and missing reporting addresses where monitoring is expected.

Why DMARC Problems Matter

If a DMARC record is missing or invalid, the domain loses the policy and reporting layer that helps protect against spoofing and monitor authentication outcomes. If the policy is too aggressive before SPF and DKIM alignment are correct, legitimate email can be quarantined or rejected.

Because DMARC sits on top of SPF and DKIM, DMARC issues often point to deeper alignment or sending-platform problems that need to be reviewed carefully.

What This Tool Does

This site helps inspect a domain's DMARC record, confirm whether it is published, detect common syntax and policy issues, and review tags such as p, sp, rua, ruf, adkim, aspf, and pct.

It is intended as a troubleshooting and analysis aid. Results should always be independently checked before any production DNS or email changes are made.

Relevant RFCs

These specifications define the core standards behind the checks on this site.

RFC 7489 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)
RFC 8616 - Email Authentication for Internationalized Mail

Common Problems Checked

No DMARC record at _dmarc.example.com
Multiple DMARC records
Invalid p, sp, pct, adkim, or aspf values
Reporting tags that are malformed or difficult to use
Strict policy before SPF or DKIM alignment is ready

Improve Delivery

This site lets you check your DMARC configuration - you can also check the SPF and DKIM records. Correct sender authentication is very important, but it is also only a starting point. For more information and practical tips on improving email delivery, visit Outgoing.email.