Email · DNS · DMARC

DMARC check

Q: Is p=none a bad DMARC policy?

p=none is useful during early rollout because it allows reporting without affecting message delivery. In the long term, quarantine or reject provides stronger protection.

Check a domain’s DMARC record, policy, reporting addresses and SPF/DKIM alignment settings. DMARC helps protect a domain against email spoofing.

A DMARC record is published in DNS under _dmarc.example.com. The policy can be none, quarantine or reject.

Enter a domain and start the check.

Guide · DMARC and email protection

What does this DMARC check do?

The DMARC check shows whether a domain has published a DMARC record and what policy it uses. A DMARC record is published in DNS under _dmarc.example.com. It tells receiving mail systems how to handle messages that fail SPF or DKIM authentication.

DMARC builds on SPF and DKIM. It does not replace them. Instead, it combines their results with a domain-level policy, reporting settings and alignment rules.

p=none

Monitoring mode. Receivers are not asked to quarantine or reject messages, but reporting can be enabled.

p=quarantine

Receivers are asked to treat failing messages as suspicious, often by placing them in spam or quarantine.

p=reject

Receivers are asked to reject messages that fail DMARC. This is the strongest DMARC policy.

rua

The rua tag defines where aggregate DMARC reports are sent. These reports help monitor email sent on behalf of the domain.

Why does DMARC matter?

DMARC helps protect a domain from unauthorized email sent in its name. When SPF and DKIM are in place and a DMARC policy is defined, receiving services can make more consistent decisions about suspicious messages.

DMARC is especially important for companies, organizations and services that use their domain for customer communication, invoices, login messages or other email that depends on trust.

How to interpret the result

A good DMARC result means that the domain has one clear DMARC record, a defined policy and reporting where needed. p=none is not necessarily wrong, but it is mainly useful for monitoring. Once sending sources have been reviewed, the policy can often be tightened gradually to quarantine and then reject.

Alignment settings such as adkim and aspf define how closely DKIM and SPF identifiers must match the visible From domain. By default, alignment is usually relaxed.

Frequently asked questions

Does DMARC require SPF and DKIM?

In practice, yes. DMARC uses SPF and DKIM results. A good email authentication setup uses SPF, DKIM and DMARC together.

Is p=none a bad DMARC policy?

p=none is useful during early rollout because it allows reporting without affecting message delivery. In the long term, quarantine or reject provides stronger protection.

What does DMARC reporting mean?

DMARC aggregate reports show which systems send email on behalf of the domain and how SPF, DKIM and DMARC checks are passing.