How to check if DMARC is configured correctly

After creating a DMARC record, it is important to verify that it is correctly configured and recognized by receiving mail servers. Proper verification confirms that your DMARC record exists in DNS and that emails sent from your domain are being evaluated according to your DMARC policy.

If DMARC is not configured correctly, receiving servers may ignore the policy or fail to enforce authentication checks.

Method 1: Check DMARC in email authentication results

The most reliable way to confirm that DMARC is working is by reviewing the authentication results of a received email.

Step 1

Send a test email from your domain to a Gmail or Outlook inbox.

Step 2

Open the email and view the message headers or original message source.

Step 3

Locate the Authentication-Results section.

If DMARC is configured correctly, you should see a result similar to:

DMARC=pass (p=none) header.from=yourdomain.com

This indicates that the email passed DMARC authentication based on SPF or DKIM alignment.

If DMARC fails, you may see:

DMARC=fail

This means that both SPF and DKIM authentication failed or were not aligned with the sending domain.

Method 2: Verify the DMARC record in DNS

You should also confirm that the DMARC record exists in your domain’s DNS.

A valid DMARC record is stored as a TXT record under the hostname:

_dmarc.yourdomain.com

Example DMARC record:

v=DMARC1; p=none; rua=mailto:[email protected]

Make sure that:

• the record exists in your DNS
• the hostname is _dmarc
• the record starts with v=DMARC1
• a valid policy (p=none, p=quarantine, or p=reject) is included

Method 3: Check DMARC using MXToolbox

You can also verify your DMARC configuration using MXToolbox.

Steps:

1. Go to https://mxtoolbox.com/DMARC.aspx

2. Enter your domain name.

3. Run the DMARC lookup.

MXToolbox will check your DNS records and show:

• whether a DMARC record exists
• the configured DMARC policy
• syntax or formatting issues in the record

This helps quickly confirm whether your DMARC record is correctly configured.

Method 4: Review DMARC reports

If reporting is enabled using the rua tag, mailbox providers will send DMARC reports to the specified email address.

These reports provide information about:

• which servers are sending emails from your domain
• SPF and DKIM authentication results
• how receiving servers applied your DMARC policy

Reviewing these reports helps identify unauthorized senders and authentication issues.

Common reasons DMARC verification fails

SPF or DKIM not configured

DMARC requires either SPF or DKIM authentication to pass and align with the domain used in the From address.

Incorrect DMARC hostname

The DMARC record must be created under _dmarc.yourdomain.com.

Syntax errors in the record

Incorrect formatting or missing tags can cause the DMARC record to be ignored.

DNS propagation delay

After adding or updating a DMARC record, DNS changes may take time to propagate across the internet.