DMARC Record Checker

What is a DMARC Record?

A DMARC record is a TXT record that specifies how an email server needs to respond to an email that cannot be authenticated. For example, you can decide whether email receivers should reject, quarantine, or ignore a suspicious email using DMARC records. Making a DMARC record is crucial because it enables servers to distinguish between authentic and fake emails. Ultimately, it reduces online dangers like CEO fraud, email spoofing, and phishing.

How Do DMARC Records Work?

DMARC works with DKIM and SPF to authenticate messages and decide what needs to be done for them. DMARC records inform the receiver of the steps needed to follow if there is a suspicious email.

Step 1: The domain owner publishes a DMARC DNS Record.

Step 2: The recipient mail server checks for the DMARC record.

Step 3: The mail server verifies the sender using DKIM and SPF authentication and alignment tests.

Step 4: Based on the DKIM & SPF results, the mail server applies the sending domain's DMARC policy.

Step 5: Finally, the receiving mail server sends DMARC Aggregate Reports to the email addresses specified in the DMARC record based on the outcome.

What Does An Example DMARC Record Look Like?

A DMARC record consists of a hostname and key-value pairs. An example DMARC record would look like the below:

In the above example, there are 2 key-value pairs:

• v=DMARC1
  • The version of DMARC (Required).
• p=quarantine
  • The policy which is used when a message fails (Required).
• rua=mailto:dmarc@mydomain.com
  • Email addresses to send DMARC aggregate reports. This is optional but recommended to use in every record.

Apart from the above, there are 8 more tags that can be used in a DMARC record:

• Percentage (pct)
• RUF Report Email Address(s) (ruf)
• Forensic Reporting Options (fo)
• ASPF Tag (aspf)
• ADKIM Tag (adkim)
• Report Format (rf)
• Report Interval (ri)
• Report Interval (ri)

Understanding the DMARC Record Results

DMARC report is an XML file generated at the end of the DMARC verification process. It contains several elements:

• Internet Service Provider/ Email Service Provider Information - Provides organization name, email and contact information in the <org_name>, and <extra_contact_info> tags respectively.
• Report ID: Provided inside the <report_id> tag.
• Dates: Start and end dates using the <date_range> tag.
• DMARC Record: The DMARC record is included in the DMARC report. Policy, domain, DKIM alignment strength, SPF alignment strength, and subdomain policy is indicated in <policy_published>, , , , and tags respectively.
• DKIM Authentication: DKIM authentication results and human result (if any) are provided inside the and <human_result> tags within the tag.
• SPF Authentication: The SPF authentication details are provided in the tag.
• IP Address: IP address is indicated in the <source_ip> tag.
• From Domain: The "from" domain address is included in the <header_from> tag.
• Evaluation of DMARC Authentication: <policy_evaluated> tag gives an overview of the DMARC record authentication.

What is DMARC Record Checker, and How Does This Tool Work?

DMARC Record Checker is a diagnostic tool that enables you to check the DMARC record of any particular domain and determine whether the TXT record is accurate and properly published.

When a domain is submitted, the DMARC record checker looks up the DMARC record from the DNS record. It issues an error message if a record is unavailable or invalid. If the record is available, it will show the DMARC policy.

Why is DMARC So Important? Benefits of DMARC

You can achieve multiple benefits from using DMARC records:

• DMARC allows companies to track all third parties who send emails on their behalf. This ensures compliance with security best practices.
• You can build a database with trusted contacts.
• Through DMARC, you can access the BIMI (Brand Indicator for Message Identification). This allows you to stand out in the recipient's inbox by displaying their logo next to their email message.
• The DMARC reporting system allows you to get reports on emails sent on your domain’s behalf from across the internet.
• DMARC reports give you a detailed analysis of how your email domains are being used and how to improve email communications.

Frequently Asked Questions

1 - How to check if DMARC is enabled?

You can easily run a DMARC check using an online tool like MX Toolbox. You just need to enter the domain name. It will display the DMARC record if the record is available or an error message if there is no DMARC record.

2 - What does DMARC compliant mean?

It is an email that is sent in compliance with the specifications of the Domain-based Message Authentication, Reporting, and Conformance protocol.

3 - Can DMARC be spoofed?

DMARC prevents attackers from using your original domain name. But, they can use domains similar to your domain name.

4 - How to check DMARC record using nslookup?

• Open Command Prompt
• Start nslookup by typing nslookup
• Specify response type by typing set type=TXT
• Type the domain you need to check for a DMARC record.

5 - Why are DMARC reports important?

DMARC records allow you to identify the spammers who send emails on behalf of your domain and help to identify the SPF and DKIm authenticated messages from your domain.