Skip to main content
KX Toolkit
Sign in Get started
Text Analysis Tools 29 tools
Keyword Tools 14 tools
Backlink Tools 12 tools
Website Management Tools 20 tools
Meta Tag Tools 4 tools
Image Tools 25 tools
Password & Encryption 17 tools
Unit Converter Tools 24 tools
Website Tracking 7 tools
Domain Tools 5 tools
Calculators 14 tools
Developer Tools 33 tools
CSS Tools 14 tools
Color Tools 13 tools
Social Media Tools 17 tools
PDF Tools 10 tools
Productivity Tools 6 tools
Audio Tools 5 tools
Video Tools 3 tools
Bulk Tools 35 tools
View all tools on one page View all categories

DMARC Checker

DMARC, or Domain-based Message Authentication, Reporting, and Conformance, builds on SPF and DKIM to tell receivers what to do when a message claims to come from your domain but fails authentication. It also requests aggregate and forensic reports back to addresses you choose. DM

Domain Tools
We'll query _dmarc.<domain> TXT.

DMARC, or Domain-based Message Authentication, Reporting, and Conformance, builds on SPF and DKIM to tell receivers what to do when a message claims to come from your domain but fails authentication. It also requests aggregate and forensic reports back to addresses you choose. DM

This free DMARC Checker from KX Toolkit is part of our all-in-one online toolkit. It runs entirely in your browser, so your data never leaves your device for client-side operations. 100% free, forever - no paywall, no credit card, no trial.

How to use the DMARC Checker

  1. Enter the domain or IP address.
  2. Pick the record type if the tool supports filtering.
  3. Run the lookup - most checks return in under a second.
  4. Copy the records for your DNS migration or audit notes.

What you can do with the DMARC Checker

  • Audit DNS before a domain migration.
  • Verify SSL certificate expiry and chain.
  • Check domain age and history before buying.
  • Diagnose email-delivery issues (SPF, DKIM, DMARC).

Why use KX Toolkit's DMARC Checker

  • Browser-based: Works on Windows, macOS, Linux, iOS and Android - no install, no extension.
  • Privacy-first: Client-side tools never upload your data; server-side tools delete files right after processing.
  • Mobile-friendly: Full feature parity on phones and tablets - not a stripped-down view.
  • Fast: Optimised for instant feedback. No artificial waiting screens, no email-gated downloads.
  • One hub for everything: 300+ tools across SEO, text, image, PDF, code, color, calculators and more - skip switching between sites.

Tips for the best results

DNS changes propagate at different speeds across resolvers - run the same check from Google (8.8.8.8) and Cloudflare (1.1.1.1) before declaring a problem.

Related Domain Tools

If you find this tool useful, explore the full Domain Tools collection or browse our complete tool directory. KX Toolkit is built for marketers, developers, designers, students and anyone who needs a quick utility without signing up for yet another SaaS.

What is DMARC and why does it matter?
DMARC, or Domain-based Message Authentication, Reporting, and Conformance, builds on SPF and DKIM to tell receivers what to do when a message claims to come from your domain but fails authentication. It also requests aggregate and forensic reports back to addresses you choose. DMARC is the only mechanism that protects your visible From header from spoofing, which is why every brand serious about email security publishes a policy.
What do p=none, p=quarantine, and p=reject mean?
The p tag is the policy. p=none means "monitor only", which collects reports without affecting delivery. p=quarantine asks receivers to send failing mail to spam. p=reject instructs them to drop it outright. Most domains start at none, review reports for several weeks, fix legitimate senders that fail, then ramp through quarantine to reject. The checker shows the current policy along with any percentage and subdomain qualifiers.
Where should the DMARC record live in DNS?
DMARC records sit at the _dmarc subdomain of the protected domain, so a record for example.com is published as a TXT record at _dmarc.example.com. Subdomains can publish their own records, or fall back to the parent's policy through the sp tag. The checker queries the correct location automatically and warns if the record is published in the wrong place, which is a common mistake.
What is the rua tag used for?
rua is a comma-separated list of mailto addresses where receivers send aggregate reports, typically once per day. These reports are XML files summarizing how many messages passed and failed for each sending source. Tools like Postmark, dmarcian, and Valimail parse them into dashboards. Without rua, you are flying blind because you have no visibility into who is sending mail under your domain or how DMARC is actually performing.
Can I deploy DMARC without breaking legitimate email?
Yes, by starting at p=none with a rua address, then reviewing reports for at least two weeks. You will discover SaaS tools, marketing platforms, and internal apps that send under your domain. Add them to SPF or enable DKIM on each, then watch the pass rate climb. Only after the legitimate fail rate is near zero should you move to quarantine and finally reject, ideally with the pct tag for gradual rollout.
Why does DMARC fail even though SPF and DKIM look correct?
DMARC requires alignment, meaning the domain in the From header must match either the SPF-authorized envelope domain or the DKIM signing domain. Many SaaS platforms send mail that passes SPF and DKIM under their own domain rather than yours, which fails alignment and therefore DMARC. The fix is to use vendor features that sign with your domain and enable a CNAME-based DKIM selector for that vendor.

No reviews yet

Be the first to share your experience with the DMARC Checker.

Domain Tools
View all

Domain Age Checker

Find out how old a domain is using WHOIS data.

Domain Hosting Checker

Find the hosting provider and nameservers for any domain.

Typo-squatting Detector

Generate common typo and TLD variants of a domain, then check which are actually...

MX Record Lookup

An MX, or Mail Exchanger, record tells the internet which servers are responsibl...

NS Record Lookup

NS, or Name Server, records identify the authoritative DNS servers for a domain....

TXT Record Lookup

TXT records hold arbitrary text strings attached to a domain. Originally meant f...