netpulse.fyi
LIVE
🌐 Network
πŸ“‘Ping ToolπŸ”ŒPort CheckerπŸ”„Reverse DNSπŸ—ΊοΈIP LookupπŸ”Site Status
πŸ” DNS
πŸ”ŽDNS Lookup🌍DNS PropagationπŸ“§MX Records
πŸ“§ Email Auth
πŸ›‘οΈSPF CheckerπŸ”‘DKIM CheckerπŸ“‹DMARC Checker
πŸ”’ Security
πŸ”SSL CertificateπŸ“„HTTP HeadersπŸ“WHOIS Lookup
βœ‰οΈ support@netpulse.fyi
πŸ“‹

DMARC Checker

Inspect the DMARC (Domain-based Message Authentication) policy for a domain. DMARC tells receivers what to do with emails that fail SPF/DKIM checks.

Domain

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting and Conformance) tells receiving mail servers what to do when an email fails SPF or DKIM. Published as a TXT record at _dmarc.yourdomain.com, it ties authentication results to the visible sender domain, preventing spoofing of your From address.

DMARC policy levels

p=none is monitoring-only β€” emails still deliver but reports are sent. p=quarantine sends failing emails to spam. p=reject blocks failing emails entirely. For full protection, p=reject is the goal. Organisations typically start with 'none', review aggregate reports, then progress to 'quarantine' and finally 'reject'.

Understanding DMARC alignment

DMARC alignment means the authenticated domain must match the visible From domain. For SPF, the SMTP delivery domain must align. For DKIM, the d= tag must align. Relaxed alignment (the default) allows subdomains to match. Strict alignment requires an exact match.

DMARC aggregate reports

The rua tag specifies an email address for daily XML reports from major mail providers (Google, Microsoft, Yahoo). These show which servers send email using your domain and whether authentication passes. Analysing these reports before moving to reject policy reveals legitimate senders you might not know about.