DMARC Check

Check the live DMARC policy for a domain.

Use DMARC Check to inspect the TXT record published at _dmarc.domain, confirm whether the policy is visible in DNS, and compare the returned value with the reporting and enforcement configuration you expect.

Verify DMARC in DNS before troubleshooting alignment, reporting, or policy rollout.

What this DMARC Check tool does

DMARC Check queries the TXT record published at _dmarc.domain and filters for values that publish a DMARC policy beginning with v=DMARC1.

Use it to confirm whether DMARC exists, inspect the live policy string, and spot missing, duplicated, or outdated policy and reporting values.

It does not confirm message outcomes by itself. A valid DMARC record does not guarantee mail passes if SPF or DKIM alignment is broken.

When to use this tool

DMARC validation is failing and you need to confirm whether the policy record is published at _dmarc.domain.

A new DMARC policy was added and you want to verify the live TXT value before expecting reports or enforcement.

Email is reaching spam or failing alignment and you need to inspect the published DMARC tags.

A reporting address was updated and you want to confirm the rua or ruf values visible in DNS.

A DNS change was made recently and you need to know whether public resolvers can already see the new DMARC policy.

You want a DNS-level check before moving to SPF, DKIM, or message-header troubleshooting.

How to use DMARC Check

  1. Enter the root domain you want to verify.
  2. Run the check and review the TXT values published at _dmarc.domain.
  3. Confirm there is exactly one intended DMARC policy and that it matches your rollout plan.
  4. Compare the live value with the reporting and enforcement settings you expected to publish.
  5. If the result is missing or wrong, continue to propagation, SPF, DKIM, or message-level checks next.

How to interpret DMARC check results

DMARC record found

Likely meaning: A TXT record beginning with v=DMARC1 was returned at _dmarc.domain.

Common causes: The domain publishes a visible DMARC policy that receivers can evaluate.

Next action: Review the policy tags, then continue to SPF and DKIM if alignment or delivery still fails.

No DMARC record found

Likely meaning: No DMARC TXT policy was returned for the domain.

Common causes: DMARC may not be configured, the record may be published on the wrong host, or the DNS change may not be visible yet.

Next action: Verify the exact domain, then check DNS Lookup and propagation for _dmarc.domain.

Multiple DMARC records found

Likely meaning: More than one DMARC policy was returned.

Common causes: This usually indicates a misconfiguration caused by duplicate TXT policies or stale records.

Next action: Consolidate to a single DMARC record and retest after caches expire.

DMARC value looks wrong or incomplete

Likely meaning: The DMARC record exists, but the published tags do not match the intended policy or reporting setup.

Common causes: Incorrect p, rua, ruf, pct, or alignment tags.

Next action: Compare the live DMARC value with the intended policy and update the DNS record if needed.

NXDOMAIN

Likely meaning: The queried domain or _dmarc hostname does not exist in DNS.

Common causes: Typos, the wrong domain, or checking the wrong hostname.

Next action: Confirm the exact domain name and run DNS Lookup on the same hostname if needed.

SERVFAIL or timeout

Likely meaning: The recursive resolver could not complete the DMARC TXT lookup cleanly.

Common causes: DNSSEC failures, broken delegation, or authoritative DNS problems can interrupt DMARC checks.

Next action: Verify nameservers and DNSSEC before assuming the DMARC policy itself is the root problem.
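
The DNS-content outcomes above (record found, no record, multiple records, wrong or incomplete value) can be reproduced offline with the sketch below. It is an added example, not the tool's own code: the function names, status strings, and sample TXT values are constructed for illustration, and it only accepts mailto: report addresses. Resolver errors such as NXDOMAIN and SERVFAIL are not modeled.

```python
import re
VALID_P = {"none", "quarantine", "reject"}

def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict keyed by lower-cased tag name."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def check_policy(tags):
    """Return problems found in the p, rua, ruf, pct and alignment tags."""
    issues = []
    if tags.get("p", "").lower() not in VALID_P:
        issues.append("p missing or not none/quarantine/reject")
    for key in ("rua", "ruf"):
        for uri in tags.get(key, "").split(","):
            # Assumption of this example: only mailto: report URIs are accepted.
            if uri.strip() and not uri.strip().lower().startswith("mailto:"):
                issues.append(f"{key} entry is not a mailto: URI: {uri.strip()}")
    pct = tags.get("pct")
    if pct is not None and not (pct.isascii() and pct.isdigit() and int(pct) <= 100):
        issues.append("pct must be an integer from 0 to 100")
    for key in ("adkim", "aspf"):
        if key in tags and tags[key].lower() not in ("r", "s"):
            issues.append(f"{key} must be r or s")
    return issues

def classify(txt_values):
    """Classify the TXT strings returned for _dmarc.<domain>."""
    dmarc = [t for t in txt_values if re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", t)]
    if not dmarc:
        return "no_record", []
    if len(dmarc) > 1:
        return "multiple_records", []
    issues = check_policy(parse_tags(dmarc[0]))
    return ("wrong_or_incomplete" if issues else "found"), issues

# Constructed sample answers, not real lookups.
SAMPLES = {
    "ok": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"],
    "spf_only": ["v=spf1 -all"],
    "duplicate": ["v=DMARC1; p=none", "v=DMARC1; p=reject"],
    "bad_tags": ["v=DMARC1; p=monitor; rua=dmarc@example.com; pct=150"],
}
if __name__ == "__main__":
    for name, values in SAMPLES.items():
        print(name, classify(values))
```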

Common DMARC issues this tool helps uncover

No DMARC policy published for a domain that should enforce or monitor authentication

Duplicate DMARC TXT records causing ambiguous policy evaluation

Wrong policy mode or reporting addresses in the live record

DMARC published on the wrong hostname instead of _dmarc.domain

Recent DMARC TXT changes not yet visible across resolvers

Nameserver or DNSSEC problems that look like DMARC failures

DMARC exists in DNS but SPF or DKIM alignment still needs checking next

Next steps after DMARC Check

Check SPF and DKIM

DMARC depends on SPF and DKIM alignment, so verify those records next if the policy is present but mail still fails.

Check DNS propagation

Use this when the DMARC record was changed recently and some resolvers may still return older policy values.

Run DNS Lookup

Inspect the raw TXT response for _dmarc.domain if you want a broader DNS-level view.

Run MX Lookup

If email flow problems extend beyond auth policy, confirm the domain’s inbound mail-routing records too.

Related tools

SPF Check

Review SPF records and authorized sending sources for a domain.

DKIM Check

Validate DKIM selectors and public keys for signed email.

MX Lookup

Inspect mail exchange records and delivery destinations for a domain.

SMTP Test

Test SMTP connectivity and common mail transport responses.

DNS Lookup

Query A, AAAA, CNAME, TXT, and other DNS records for a domain.

DNS Propagation Check

Verify whether recent DNS changes are visible across resolvers.

DMARC Check FAQ

What does DMARC Check verify?

It checks the live TXT record at _dmarc.domain and highlights DMARC policies that begin with v=DMARC1 so you can inspect the published policy value.

What input should I enter?

Enter the root domain such as example.com. The tool automatically checks the _dmarc subdomain for you.

Why does no DMARC record appear?

The domain may not publish DMARC, the TXT record may be on the wrong host, or recent DNS changes may not be visible yet from the resolver used by the tool.

Does this confirm DMARC enforcement is working?

No. This confirms the DNS policy only. Actual DMARC outcomes still depend on SPF and DKIM alignment, receiver behavior, and message headers.

Why are multiple DMARC records a problem?

A domain should publish one DMARC policy. Multiple DMARC records can cause policy ambiguity and validation problems.

What should I check after DMARC Check?

Usually SPF, DKIM, propagation, and the actual message authentication results, depending on whether the DMARC policy is missing, duplicated, or outdated.
