Free DMARC Checker

Check your domain's DMARC policy

Enter any domain to validate DMARC. We check your policy strength, flag the duplicate-record bug that silently disables DMARC, and give you the exact TXT record to publish — now required by Google and Yahoo for bulk senders.

2DMARC records on one domain means zero protection — receivers ignore DMARC entirely (RFC 7489).

Why DMARC matters for you

DMARC ties SPF and DKIM together and tells receiving servers what to do when a message fails authentication — monitor it, quarantine it, or reject it. It’s the record that actually stops attackers from spoofing your domain to phish your customers and partners.

Since 2024, Google and Yahoo require a DMARC record for bulk senders. No DMARC increasingly means worse inbox placement and zero protection against someone impersonating your brand in your customers’ inboxes.

How DMARC quietly breaks

The most common state is a policy stuck at p=none — it monitors but blocks nothing, so you have a DMARC record that provides no real protection at all. Plenty of teams set it up, see “DMARC: present,” and never move past monitoring.

The silent killer is duplicate records. If more than one _dmarc TXT record exists — a registrar auto-publishes one, then you or a tool adds another — receivers ignore DMARC entirely under RFC 7489. You believe you’re protected, and you’re not.

Two _dmarc records = DMARC ignored entirely (RFC 7489). You think you’re protected. You’re not.

How Zeqo works for you

This checker validates your policy strength, flags the duplicate-record trap, and hands you the exact TXT record to publish — starting safely at monitoring and showing you how to ratchet up to enforcement once SPF and DKIM are confirmed working.

Zeqo Mail watches your DMARC policy and your incoming DMARC reports continuously, so if a record gets duplicated, weakened, or removed, you know immediately rather than months later.

It also turns the raw aggregate reports into plain English, so you can see who’s actually sending as your domain and tighten your policy with confidence instead of guessing.

Start monitoring free →

More free tools

Email Deliverability Checker

Check SPF, DKIM, DMARC, blacklists and MX in one go.

SPF Checker

Validate SPF and catch the 10-lookup PermError trap.

DKIM Checker

Verify DKIM signing on the right provider selector.

Blacklist Check

See if your sending IP is on major email blacklists.

Email Deliverability Test

Run a full inbox-readiness test and get one clear verdict.

SPF Record Generator

Build a valid SPF record from your sending sources.

DMARC Record Generator

Build a DMARC record with the right policy and reports.

Frequently asked questions

What does p=none mean in DMARC?+

p=none only monitors — it reports authentication failures but doesn’t block spoofed mail. Once SPF and DKIM are confirmed working, move to p=quarantine or p=reject for real protection.

Can duplicate DMARC records break protection?+

Yes. If more than one _dmarc record exists, receivers ignore DMARC entirely under RFC 7489 — so you have no protection even though a record is present.

Is DMARC required?+

Google and Yahoo require a DMARC record for bulk senders (since 2024). Even below that threshold, DMARC is the only thing that actually stops attackers from spoofing your domain.

What DMARC record should I start with?+

Start at v=DMARC1; p=none; rua=mailto:you@yourdomain.com to monitor safely, then tighten the policy to quarantine or reject once your reports look clean.

Keep reading

8 min read

DMARC Reports Explained: How to Read Them and Fix What They Reveal

Set up DMARC and the reports start rolling in — as unreadable XML. What they actually tell you, and how to use them to lock down your domain.

8 min read

SPF, DKIM & DMARC Explained: A Plain-English Guide for Founders

The three DNS records that decide whether your email lands in the inbox — explained without the jargon, plus how to check yours in 30 seconds.