Question 1

What is a DMARC record?

Accepted Answer

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a DNS TXT record published at _dmarc.yourdomain. It tells receiving mail servers what to do when an email claiming to be from your domain fails SPF or DKIM checks: deliver it, quarantine it, or reject it. It also enables daily aggregate reports so you can see who is sending as your domain.

Question 2

What do the DMARC policy values mean?

Accepted Answer

There are three values: p=none means take no action on failing mail (monitoring mode, good for starting out); p=quarantine means send failing mail to the spam folder; p=reject means block failing mail outright. Most experts recommend reaching p=reject for the strongest protection against domain spoofing and phishing.

Question 3

Why is my DMARC showing a warning even though it exists?

Accepted Answer

A DMARC record can be valid but still not fully protecting your domain. Common reasons include having p=none (monitoring only, no enforcement), not including a rua= reporting address (so you have no visibility into failing mail), or having SPF and DKIM misaligned with the From domain. Our checker highlights each of these issues individually.

Question 4

What is DKIM and why does it matter?

Accepted Answer

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outbound emails. Your mail provider signs messages with a private key; receivers verify the signature using a public key in DNS. DKIM signatures survive email forwarding (unlike SPF), which makes them essential for DMARC alignment. The 'selector' is a label your provider uses to name their public key in DNS.

Question 5

My DKIM check shows 'not found'. Does that mean I have no DKIM?

Accepted Answer

Not necessarily. DKIM selectors are not standardized, and every provider can choose any name. Our tool checks the most common ones (google, default, selector1, selector2, etc.), but your provider may use a custom selector. Log in to your email provider's dashboard to find the exact selector and verify it directly.

Question 6

How do I fix an SPF record that has too many DNS lookups?

Accepted Answer

SPF allows a maximum of 10 DNS-resolving mechanisms per evaluation. If you are near or over that limit, you can: remove services you no longer use, replace include: statements with flat IP ranges (ip4:/ip6:), or use an SPF flattening tool that combines everything into direct IP ranges. SPF flattening needs regular updates as your providers change their IP ranges.

Question 7

Do I need MX records to send email?

Accepted Answer

No. MX records are only needed to receive email. If you use a domain exclusively for outbound campaigns (cold email, transactional mail), you may intentionally have no MX records. However, you still need SPF, DKIM, and DMARC to pass authentication checks on outbound mail.

Question 8

How often should I re-check my DMARC and email authentication?

Accepted Answer

Check after any DNS change, after adding a new email-sending tool, and a few times a year as routine maintenance. Deliverability problems often trace back to stale or misconfigured authentication records that have drifted over time.

Free DMARC Checker

What is DMARC?

DMARC policy levels explained

How DMARC, SPF, and DKIM work together

Why email authentication matters for deliverability

Frequently Asked Questions

Still have a question?