Use this DMARC checker workflow to confirm your domain publishes a valid DMARC policy record and that alignment is configured correctly.

Quick answer

Use a DMARC checker to validate policy syntax, alignment settings, and report destinations. After syntax checks pass, review aggregate reports to confirm real sender behavior matches your policy.

Run a DMARC lookup

Use the interactive tool to fetch and validate the record:

If you need to generate a new record first:

What a DMARC checker should validate

  • A DMARC TXT record exists at
  • The version tag is present ()
  • A policy is set (, , or )
  • Reporting addresses are valid ( and optional )
  • Alignment settings ( and ) match your enforcement goal

How to read a DMARC report after checker validation

If the record is valid but failures continue, check DMARC aggregate reports:

  1. Identify top source IPs by volume.
  2. Confirm which sources pass SPF and DKIM alignment.
  3. Separate trusted-but-misaligned sources from unknown/spoofed sources.
  4. Stage policy tightening only after pass rates stay stable.

For ongoing report analysis and alerting, use DMARC monitoring.

DMARC best practices

  • Keep one clear owner for sender inventory and policy changes.
  • Start with while inventory is incomplete, then move to or .
  • Align transactional and marketing senders before increasing enforcement.
  • Review aggregate reports weekly and after any DNS/provider change.

Common DMARC issues and fixes

No DMARC record found

Publish a DMARC TXT record at . Start with if you are monitoring first.

Invalid tag formatting

DMARC tags must be semicolon-separated. Avoid line breaks and extra quoting that can break parsing.

Policy is too strict too early

If you are still discovering senders, start with and tighten enforcement over time using and alignment settings.

Reports do not arrive

Confirm that your address accepts aggregate reports and that you have correct mailbox routing for that destination.

Move from manual checks to automation

MailSlurp supports DNS and authentication monitoring for production workflows. Start with DMARC, SPF, and DKIM monitoring and connect alerts into your delivery process.