Using DMARC Checker to Check DMARC Record

Tools

After you've published your DMARC record, you might wonder if it's deployed correctly. There is no doubt that it's a completely legitimate question. In this post, we are going to talk about how we can check if DMARC is set up correctly using DMARC checker.

DMARCLY has released a tool aptly named DMARC checker exactly for such a purpose. You can access it at: DMARC checker. Using DMARC checker, you can fetch the DMARC record (if any) on a specified domain, and verify it. And if it finds any issue in the setup, it will warn you about it for further action. During a typical DMARC implementation, you might run into various issues including:

  • DMARC record is not found;
  • DMARC record is syntactically incorrect;
  • and more...

If you are in one of these situations:

  • you've just published/updated the DMARC record;
  • you are not receiving DMARC aggregate reports as you expect;
  • you suspect there are some issues in your DMARC implementation.

it's a good idea to use DMARC checker to run a DMARC check on your setup.

Now let's navigate to DMARC checker to run an example DMARC check. Here is what it looks like:

Note that DMARC checker is a completely free tool - you don't even need to sign up to use it. Simply enter your domain in the highlighted area, and click the Check DMARC Record button. Here we check dmarcly.com:

As you can see, DMARC checker returns success for dmarcly.com, which means the DMARC setup is fine on this domain, and aggregate reports will be sent to the designated mailbox. Also note that we are implementing the p=reject DMARC policy here, which means that unauthenticated emails are outright rejected and it provides the ultimate protection against spoofing.

Below the DMARC record is the explanation of what each tag means. You might find it handy while trying to interpret the tags in the DMARC record found:

Next, let's take a look at another example. We are plugging stanford.edu into DMARC checker, and see what comes up. Here is the result of the DMARC check:

As can be seen from above, DMARC checker returns "DMARC record not found", which literally means there is no DMARC record on stanford.edu.

Here is a list of errors that can be found by a DMARC check:

  • "DMARC record not found": no DMARC record is found on the specified domain;
  • "Policy not found": no DMARC policy is found in the DMARC record;
  • "Policy is empty": the DMARC policy is not set in the DMARC record;
  • "Invalid policy": the specified DMARC policy is invalid;
  • "Aggregate email not found": no rua tag is found in the DMARC record;
  • "Aggregate email is empty": the aggregate email is not set in the DMARC record;
  • "External domain verification is not set up! The specified email will not receive the aggregate reports": no external domain verification has been set up.

That's basically how to run a DMARC check. I hope you find this tutorial useful. Next time you need to troubleshoot DMARC deployment issues, remember to check your DMARC record!

For a complete guide to implementing DMARC/DKIM/SPF, check this post out.

Previous Post Next Post

 Protect Business Email & Improve Email Deliverability

Get a 14 day trial. No credit card required.

Create Account