
DMARC record checker

Look up and validate your domain's DMARC record. Understand your current policy, reporting configuration, and get clear advice to progress toward full enforcement.


§ 01 DMARC explained

From monitoring to full enforcement.

DMARC is a journey. Start with none, build confidence, then enforce.

Step 01: p=none

Monitor

Start here. DMARC is active but no action is taken on failures. Add rua= to receive aggregate reports and identify all your sending sources.

Step 02: p=quarantine

Quarantine

Once you're confident all legitimate senders pass, move to quarantine. Failing messages are sent to spam, reducing spoofing impact.

Step 03: p=reject

Reject

Full enforcement. Failing messages are rejected by receiving servers. This is the goal: it stops spoofed mail that uses your domain in the visible From header from being delivered by receivers that enforce DMARC.

Email that reaches the inbox.

Plunk walks you through SPF, DKIM, and DMARC setup and monitors your sending reputation over time.

Frequently asked questions

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication policy that builds on SPF and DKIM. It tells receiving mail servers what to do when an email fails authentication — none (monitor), quarantine (spam folder), or reject (block). DMARC also enables reporting so you can see who is sending email from your domain.

What is the difference between p=none, quarantine, and reject?

p=none means DMARC is in monitoring mode — failures are reported but emails are still delivered. p=quarantine instructs receiving servers to put failing messages in the spam/junk folder. p=reject instructs servers to reject failing messages entirely. The recommended path is to start at p=none, review reports, then progress to quarantine and finally reject.

What are DMARC aggregate reports?

Aggregate reports (rua=) are XML reports sent by receiving mail servers summarising how many messages passed or failed SPF and DKIM for your domain. They help you identify all sources sending on your behalf, catch misconfigurations, and detect spoofing attempts. Use a DMARC reporting service to parse and visualise these reports.

Why do I need DMARC if I already have SPF and DKIM?

SPF and DKIM independently authenticate different aspects of an email, but neither specifies what to do when authentication fails. DMARC ties them together and enforces a policy. Without DMARC, even a domain with perfect SPF and DKIM offers no protection against spoofing of the visible From header.

What is DMARC alignment?

DMARC alignment requires that the domain in a passing SPF or DKIM check matches (or aligns with) the From header domain. Relaxed alignment (r) allows subdomains; strict alignment (s) requires an exact domain match. Alignment is what connects SPF/DKIM to the From header the user sees.
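
The policy stages and alignment modes described above can be checked offline from the TXT value itself. The following is an added example, not this tool's own code: it parses a record, applies the tag defaults (sp= inherits p=, pct=100, relaxed alignment) and reports where the record sits on the none, quarantine, reject path. The function names and finding messages are assumptions made for this example, and it validates more strictly than a receiving server would.

```python
# Added example: parse and assess a DMARC TXT value without any DNS lookup.
POLICIES = ("none", "quarantine", "reject")  # weakest to strongest
NEXT_STEP = {
    "none": "review aggregate reports, then move to p=quarantine",
    "quarantine": "once legitimate senders pass, move to p=reject",
    "reject": "full enforcement reached",
}

def parse_dmarc(txt):
    """Split a DMARC TXT value into a {tag: value} dict."""
    tags, order = {}, []
    for part in txt.split(";"):
        name, sep, value = part.strip().partition("=")
        if not name and not sep:
            continue  # empty segment, e.g. after a trailing ';'
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        name = name.strip().lower()
        tags.setdefault(name, value.strip())  # keep the first occurrence
        order.append(name)
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    return tags

def assess(txt):
    """Return the policy, alignment modes and findings for one record."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    sp = tags.get("sp", policy).lower()  # sp= defaults to the p= value
    if policy not in POLICIES or sp not in POLICIES:
        raise ValueError("p= is required; p=/sp= must be none, quarantine or reject")
    pct = int(tags.get("pct", "100"))  # pct= defaults to 100
    modes = {t: tags.get(t, "r").lower() for t in ("adkim", "aspf")}  # default relaxed
    if not 0 <= pct <= 100 or set(modes.values()) - {"r", "s"}:
        raise ValueError("pct= must be 0-100; adkim=/aspf= must be r or s")
    findings = []
    if "rua" not in tags:
        findings.append("no rua=: aggregate reports are not being collected")
    if policy != "none" and pct < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    if POLICIES.index(sp) < POLICIES.index(policy):
        findings.append(f"sp={sp}: subdomains get a weaker policy than p={policy}")
    findings.append("next: " + NEXT_STEP[policy])
    return {"policy": policy, "alignment": modes, "findings": findings}
```

A record such as `v=DMARC1; p=reject; sp=none; pct=50` looks like full enforcement at a glance, but the findings show that subdomains and half of the failing mail are not covered by it.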