{{ error }}
{{ record }}
TagValue
{{ key }} {{ val }}
DMARC Checks
{{ c.label }}
Categories: DNS , Email , Networking , Security
Export to PDF Fullscreen

Domain-based Message Authentication, Reporting and Conformance (DMARC) extends SPF and DKIM, telling receiving servers how to treat messages that fail authentication. A valid DMARC record lives in your domain’s DNS zone and guides mailbox providers to quarantine or reject unauthenticated traffic. It enhances deliverability, blocks spoofing, and protects brand reputation.

The DMARC Validation Report tool lets you verify that record quickly and accurately. Your browser issues a DNS-over-HTTPS query to retrieve the TXT entry at _dmarc.example.com, parses each tag, then summarises compliance checkpoints. You immediately see whether policy actions, percentages, and report URIs follow best-practice recommendations.

With the findings, you can correct weak directives before phishing simulations—or real attacks—exploit them. Aligning policy to quarantine or reject strengthens trust and feeds threat-intelligence dashboards. Because everything runs client-side, you analyse sensitive domains faster, avoid server logs, and keep full control of diagnostic data.

Technical Details:

This diagnostic utility runs entirely in your browser and inspects DMARC settings without external storage.

  • Client-side DNS-over-HTTPS lookup eliminates intermediary servers.
  • Retrieves the first DMARC TXT record and its time-to-live (TTL) value.
  • Parses v, p, pct, rua, fo, sp, and adkim tags for granular insight.
  • Generates a six-point pass/fail checklist with coloured icons.
  • Displays tag map in a responsive table for easy scanning.
  • Handles internationalised domains using Unicode-to-ASCII conversion.
  • Provides instant feedback without page reloads or server logs.
  • Works seamlessly on desktop and mobile browsers with offline-grade resilience.

Step-by-Step Guide:

Follow these steps to assess any domain.

  1. In the Domain field, enter the bare registration (e.g., example.com) Caution.
  2. Press Validate DMARC to start the lookup.
  3. Watch the blue information banner for the complete DMARC TXT record.
  4. Review the tag table to confirm version, policy, percentage, and report URIs.
  5. Scan the compliance checklist; green ticks mark passes, red crosses highlight issues.
  6. Copy or screenshot the results to include in security reports or change tickets.

FAQ:

Find concise answers to frequent questions.

Why does the tool display “No DMARC record found” for my domain?

The domain either lacks a DMARC TXT entry at _dmarc.<domain> or DNS propagation is incomplete. Allow time for updates and verify the record with your DNS host.

Is any data sent to your servers during validation?

No. The browser queries a public DNS-over-HTTPS endpoint directly; the application never transmits or stores information on third-party servers.

Does the utility support sub-domain policies defined by the sp tag?

Yes. When the sp tag is present, its value is parsed and shown alongside other tags, letting you confirm inherited policies for child domains.

Why does the checklist fail when my policy is set to none?

A none policy only requests reporting and offers no enforcement. The pass/fail logic recommends quarantine or reject for stronger protection.

How reliable are the TTL and response times displayed?

TTL reflects the first answer in the DNS response and is accurate at query time. Response time is measured in your browser and may vary with network latency.

Embed this tool into your website using the following code: