SSL Checker DMARC Meta Tags Site Speed Broken Links AI Chat Bookings Try ModusOp

Check your email
authentication

Instantly verify DMARC, SPF, DKIM, and MX records for any domain. See if your email is protected from spoofing.

A ModusOp product

Enter any domain name — we'll check DMARC, SPF, DKIM, and MX records.

Checking email authentication records…

Need full site audits?

ModusOp scans your entire site for security issues, SEO problems, broken links, and more — with AI-powered fixes.

Try ModusOp Free →

Frequently Asked Questions

What is DMARC and why do I need it?
DMARC (Domain-based Message Authentication, Reporting and Conformance) protects your domain from email spoofing and phishing. It tells receiving mail servers what to do with emails that fail authentication checks — without it, anyone can send emails pretending to be from your domain.
What is the difference between SPF, DKIM, and DMARC?
SPF verifies which mail servers are allowed to send email for your domain. DKIM adds a cryptographic signature to prove the email wasn't tampered with. DMARC ties them together with a policy that tells receivers what to do when checks fail. You need all three for proper email authentication.
What DMARC policy should I use?
Start with p=none to monitor without blocking any email. Once you've confirmed all legitimate email passes authentication, move to p=quarantine (sends failures to spam), then p=reject (blocks failures completely). Going straight to reject can block legitimate email if your SPF/DKIM isn't fully configured.
What does a failing SPF record mean?
A failing SPF check means the email was sent from a server not listed in your SPF record. This could be a spoofed email, or it could be a legitimate service (like a CRM or newsletter tool) that you forgot to include. Check your SPF record includes all services that send email on your behalf.
Is this DMARC checker free to use?
Yes, completely free with no limits. For ongoing DMARC report analysis that tracks authentication pass rates over time, check out ModusOp's Domain Health module.

Frequently Asked Questions

Is DMARC Dashboard really free?

Yes — completely free, no signup, no credit card, and no rate limits. We run it because we use it ourselves when setting up client domains and diagnosing deliverability problems. Ads on the page help cover hosting, but the tool itself will always be free to use.

What's the difference between SPF, DKIM, and DMARC?

They're three different layers of email authentication that work together. SPF tells receiving servers which IP addresses are allowed to send email on behalf of your domain. DKIM adds a cryptographic signature to outgoing messages that receivers can verify. DMARC is the policy layer — it tells receivers what to do when SPF or DKIM checks fail, and where to send reports. You need all three for strong protection.

What does p=none mean in a DMARC record?

It means "monitor only — don't reject or quarantine anything yet, just send me reports." It's the right place to start when deploying DMARC, because it lets you see what's happening without breaking legitimate email. Once you've analysed the reports and confirmed everything legitimate is passing, you can move to p=quarantine (send failures to spam) or p=reject (refuse them entirely).

Do I need DMARC if I already have SPF and DKIM?

Yes — SPF and DKIM on their own don't tell receivers what to do with messages that fail authentication. DMARC fills that gap. It's also the only way to receive aggregate reports, which show you who's trying to send email as your domain — including both legitimate services you may have forgotten about and attackers attempting to spoof you.

Why does my DMARC record say pct=100?

That means "apply this policy to 100% of failing messages." It's the default if you don't specify a percentage. You can set it lower (e.g., pct=25) when rolling out a stricter policy gradually — receivers will apply your policy to a quarter of failing messages and treat the rest as p=none. It's a good way to slowly tighten policy without risking legitimate email all at once.

How do I add a DMARC record to my domain?

DMARC records are published as TXT records in DNS, at the subdomain _dmarc.yourdomain.com. The record value is a semicolon-separated list of tags — minimum v=DMARC1; p=none; rua=mailto:[email protected] to get started. Your DNS provider's documentation will show you how to add a TXT record. Once it's published, our tool will validate it and tell you if anything's wrong.

Where should I send DMARC reports?

Aggregate reports (the rua tag) can go to a standard inbox, but they're machine-readable XML files that are hard to interpret by eye. In practice you'll want a dedicated DMARC reporting service to aggregate and visualise them. For small domains, the raw XML is usually enough to spot problems manually.