Email
LIVE
DMARC Lookup
Analyze the DMARC policy for domain email protection
usage:
dmarc-lookup --domain What is DMARC Lookup?
DMARC Lookup analyzes the DMARC (Domain-based Message Authentication, Reporting & Conformance) record of a domain. DMARC unifies SPF and DKIM by defining a policy that tells receiving servers how to handle emails that fail authentication and where to send aggregate reports.
Frequently Asked Questions
What is DMARC? +
DMARC is an email authentication protocol built on SPF and DKIM. It allows the domain owner to specify how to handle unauthenticated emails (monitor, quarantine, or reject).
What DMARC policies are available? +
Three policies: p=none (monitoring only, no action), p=quarantine (moves unauthenticated emails to spam), p=reject (completely rejects unauthenticated emails).
Which DMARC policy should I start with? +
Always start with p=none to monitor email traffic without impact. Analyze the reports to identify legitimate sources, then gradually move to quarantine and finally reject.
What are DMARC reports (rua/ruf)? +
rua specifies where to send aggregate reports (daily statistics), ruf specifies where to send forensic reports (detail for each failure). Aggregate reports are essential for monitoring.
Does DMARC protect against spoofing? +
Yes, with p=reject policy, DMARC prevents unauthenticated emails from being delivered using your domain as the sender. It is the most effective protection against domain spoofing.
How is DMARC configured? +
Add a TXT record at _dmarc.yourdomain.com with the desired policy. Use our DMARC Generator to create a valid record with the correct options.