DMARCPROBLEM.comDMARC Record Analysis
About DMARC
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It is an email authentication policy that domain owners publish in DNS to tell receiving mail servers what to do when mail fails SPF and DKIM alignment checks.
A DMARC record is typically published at _dmarc.example.com and works alongside SPF and DKIM rather than replacing them.
Why It Is Used
DMARC helps domain owners define an explicit policy for unauthenticated mail and enables reporting so they can see how their domain is being used across the email ecosystem.
It is one of the key layers in modern email authentication because it ties SPF and DKIM to the visible From domain, then lets the domain owner move from monitoring to enforcement when ready.
How It Goes Wrong
DMARC records commonly go wrong when the policy tag is missing, p or sp uses an invalid value, pct is outside the valid range, reporting addresses are malformed, or the policy is published more than once.
Operational problems also happen when a domain jumps to quarantine or reject before checking whether all legitimate senders pass SPF or DKIM alignment.
Why DMARC Problems Matter
If a DMARC record is missing or invalid, the domain loses the policy and reporting layer that helps protect against spoofing and monitor authentication outcomes. If the policy is too aggressive before SPF and DKIM alignment are correct, legitimate email can be quarantined or rejected.
Because DMARC sits on top of SPF and DKIM, DMARC issues often point to deeper alignment or sending-platform problems that need to be reviewed carefully.
What This Tool Does
This site checks the _dmarc host, detects duplicate records, parses policy and alignment tags, identifies aggregate and forensic report destinations, and warns when enforcement may be risky alongside SPF or DKIM issues.
It is intended as a troubleshooting and analysis aid. Results should always be independently checked before any production DNS or email changes are made.
Relevant RFCs
These specifications define the core standards behind the checks on this site.
Common Problems Checked
- Missing policy record at _dmarc.example.com
- Multiple DMARC policy records on the same host
- Invalid p, sp, pct, adkim, aspf, or reporting values
- No rua aggregate reporting address when monitoring is expected
- Quarantine or reject policy while SPF or DKIM still has issues
Improve Delivery
This site lets you check your DMARC configuration - you can also check the SPF and DKIM records on their own or all in one go at AUTHPROBLEM.com. Correct sender authentication is very important, but it is also only a starting point. For more information and practical tips on improving email delivery, visit Outgoing.email.
Questions or Issues
If you spot something that looks wrong, have a suggestion, or want to share details of a problem with one of the checks, please contact us.