DMARC Record Checker To Test Authenticated DKIM Signing Domains

DMARC checker tool

Send an email to the address below to see if your records are validated

Send an email to the address below, then click 'See Your Score':
Mailgenius works with all email providers
gmail spam tester
email tester
Klaviyo

What is DMARC?

DMARC, or “Domain-based Message Authentication, Reporting & Conformance”, is another type of email authentication. It adds linkage to the author From: domain name, publishes policies for recipient handling of authentication failures, and reports from receivers to senders, to improve and monitor the protection of the domain from fraudulent email.

Rather than thinking of DMARC as a service on the cloud, think of it more like a standard or policy that your domain is upholding. DMARC unifies the SPF and DKIM authentication mechanisms into a common framework and allows domain owners to declare how they would like an email from that domain to be handled if it fails an authorization test.

DMARC Records

Your DMARC record is published alongside your DNS records including:

  • SPF

  • A-record

  • CNAME

  • DKIM

Unlike SPF and DKIM, a properly configured DMARC policy can tell a receiving server whether or not to accept an email from a sender.

Note: Not all mail servers check DMARC before receiving a message, but all ISPs do.

How Does DMARC Work?

Our friends at SendLane have laid it out perfectly for you:

  1. You craft your email and hit send to your loyal contacts.

  2. Your mail server adds a DKIM header, which looks for forged sender addresses.

  3. DKIM confirms that you are legit.

  4. Your email heads on over to your recipients’ mail server.

  5. The recipients’ email server checks for authentication.

  6. Once given the okay, DMARC jumps in to decide if your email should be passed, quarantined, or rejected.

  7. If passed, your message arrives in your recipients’ inbox, to catch one final spam filter.

  8. You made it to the inbox!

Why is DMARC important?

Nearly 70% of all global emails are malicious. From 2013 to 2016 companies saw losses approaching $1.6 billion related to phishing attacks.

  1. Publishing a DMARC record protects your brand by preventing unauthorized parties from sending mail from your domain. In some cases, simply publishing a DMARC record can result in a positive reputation bump.

  2. Using DMARC reports increases visibility into your email campaigns by letting you know who is sending mail from your domain.

  3. DMARC helps the email community establish a consistent policy for dealing with messages that fail to authenticate. This helps the email community to be more secure and trustworthy as a whole.

  4. DMARC helps you stay out of your recipients’ spam folder.

  5. DMARC increases customers’ confidence in your brand. When they see that you take email security seriously, they know you care about the privacy of their information as well.

DMARC is an important aspect of modern IT security hygiene in 2018, and U.S. government adoption will likely help spur wider adoption by enterprises around the world as well.

How does DMARC affect email deliverability?

You can improve your email’s deliverability with DMARC by:

  1. Publishing a DMARC record
    By placing a DMARC record, a domain owner requests ISP’s (who support DMARC) to send feedback on the emails which they receive for that domain. This indicates to receivers that this domain is serious about improving their email authentication.

  2. Using the DMARC results to improve the authentication results
    The DMARC report show which sources and IPs send out an email on behalf of a domain and provides insight into the results of the SPF and DKIM verification. With these results, a domain owner can start to improve the SPF and DKIM verification. By improving their email authentication, a domain becomes more trustworthy and may lead to ISPs being more willing to place emails in the primary inbox of the receiver.

  3. Enforcing the DMARC policy
    The DMARC policy can be enforced in small steps to quarantine and eventually to a 100% reject policy. Enforcing the DMARC policy will reduce the impact of malicious emails that are sent on behalf of the domain. It also shows ISPs that the domain owner put a lot of effort in securing the email channel so receivers can rely on emails originating from their domain. This can lead to ISPs being more willing to place emails in the primary inbox and can help to improve domain reputation.

What does a DMARC record look like?

You can also go to https://dmarcian.com/dmarc-inspector/ to view the DMARC record for any domain if they have one published.

Here is an example of DMARC record–this is SendGrid’s DMARC record:

v=DMARC1\;p=none\;rua=mailto:[email protected]\;ruf=mailto:[email protected]\;rf=afrf\;pct=100

For subdomains that don’t pass the DMARC verification, MailGenius allows domain owners to set a universal (‘wildcard’) policy. The ‘fo’ option determines the conditions for forensic reporting:

  • ‘0’ will generate reports when both DKIM and SPF checks fail.

  • ‘1’ will report if either DKIM or SPF doesn’t meet DMARC criteria.

  • ‘d’ is for instances where only DKIM fails.

  • ‘s’ is used when only SPF fails.

The ‘rf’ tag defines the format used for these forensic reports. Additionally, the ‘pct’ tag lets domain owners specify what percentage of emails that don’t pass DMARC should be subjected to the set DMARC policy.

What does the MailGenius DMARC record lookup tool cover?

This DMARC record checker tool identifies invalid entries and verifies the presence of a valid DMARC record.

  • dmarc_dkim_alignment – DMARC DKIM From/DMARC Domain Alignment

  • dmarc_spf_alignment – DMARC SPF From/Domain Alignment

  • no_dmarc_record – DMARC DNS Record Existence

  • invalid_dmarc_version – Valid DMARC DNS Record version

  • invalid_dmarc_policy – Valid DMARC DNS Record policy

  • multiple_dmarc_records – Multiple DMARC DNS Record detection

  • dmarc_none_policy – DMARC DNS Record using the ‘none’ policy

Caveats, things to watch out for:

  • DMARC is not a quick deliverability fix. Just deploying a DMARC policy is not just a quick email deliverability fix. By deploying and enforcing a DMARC policy your deliverability can improve, however this is not a guarantee.

  • Immediately enforcing a reject policy is not a good idea. We strongly discourage enforcing a reject policy when starting out. When companies encounter a phishing attack, they immediately lock down their email channel by placing a DMARC record and enforcing a 100% p=reject policy. This is effective in blocking phishing attacks, however, it will also lead to legitimate emails being lost. DMARC Analyzer advises to start with a p=none policy and monitor the results. This process can take 1-12 months.

  • DMARC does not protect inbound email streams. DMARC is not designed to protect inbound emails..

  • DMARC requires both SPF and DKIM to fail in order for it to act on a message.

  • As DMARC implementation becomes more mainstream, so will DMARC failures. Some applications or websites have features that allow a user to send an email to themselves or to a friend. Oftentimes, the website or application sends these emails from the user’s own email address ([email protected]). Because of Yahoo’s DMARC policy, these messages will be rejected by any receiving server that does a DMARC check. This will also occur if an unauthorized user attempts to send mail for any domain that publishes a DMARC record with a p=”reject.”

A few of our Testimonials

"I'd recommend MailGenius to everyone. Amazingly knowledgeable about email deliverability. I got a sneak peak at their new tool, and it's absolutely fantastic."
Perrin Carrell
Perrin Carrell
Founder at ranq.io
"We were really struggling with our email deliverability (Gmail & Outlook) and didn’t know where to turn. Luckily, we found MailGenius! They created a plan for us and provided us with the steps needed to ensure our emails were hitting inboxes. We still meet regularly and they are always incredibly knowledgeable and helpful. We would recommend MailGenius to anyone having difficulty with email deliverability."
"My experience with MailGenius was amazing - beyond 5 stars. The service is great and I have seen returns immediately. Within one consulting session, we went over so much that I made my money back tenfold."
Josh Michaels
Director Of Marketing at True Blue Life insurance
"MailGenius was fantastic in helping our company resolve many issues we encountered with email deliverability. They did a deep dive into our account running many tests and helped implement the most up to date best practices to ensure our emails could now be delivered to our customers. They work with a fantastic array of tools to help get the job done and assisted in setting up automation for our SPF records, highly recommended!"
"I'm glad I found MailGenius. They were super helpful and honest about exactly what I need to do and how to go about it, step-by-step. I was able to get clarification and feedback from him on my approach and took a bunch of notes. They also shared other resources and I experienced several "aha!" moments during the call with Jesse - a real genius when it comes to email. Thank you, MailGenius!"
Tim Parkin
President at Parkin Consulting
"Since working with MailGenius we've continued to see stable inboxing, which is great. Thank you again for all of your help and guidance - we would recommend MailGenius to any company experiencing email deliverability issues." EMAIL SPAM CHECKER