IS YOUR DOMAIN PROTECTED
FROM EMAIL SPOOFING?
CHECK Scanning a domain for DMARC issues INSTANTLY WITH
DMARCFLOW.

What is the risk of my Domain? - Free Instant DMARC Record Scan.

Enter your domain to immediately see if you are susceptible to spoofing, phishing or deliverability issues.

Please enter a valid domain.
You must agree before scanning.
DMARC scan chart illustration

Protect your domain -
Here's Why This Matters

Without DMARC, you're vulnerable to email spoofing. Phishing emails can be sent from your domain, damaging your reputation and putting customers at risk.

Customer trust Customers lose trust instantly when spoofed emails appear to come from you
Brand impersonation No control over your name - anyone could impersonate your brand
Deliverability impact Inbox placement suffers, hurting legitimate email delivery
Video placeholder

External content blocked

To protect your privacy, YouTube is not loaded without your consent.

By clicking, you agree to load content from YouTube (Google). See our Privacy Policy.

What Is Decorative underline DMARC?

DMARC dashboard preview

DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving mail servers how to handle messages that fail SPF/DKIM checks.

You gain visibility via aggregate reports. DMARCFlow visualizes them so you can see who sends on your behalf.

Full control Full Control
Fraud prevention Fraud Prevention
Deliverability Deliverability

Why Choose DMARCFlow for
DMARC lookups

Your trusted solution for email authentication, monitoring, and protection.

DMARC Record Checker
DMARC Record Checker

Instantly validate your domain's DMARC record to uncover weaknesses and improve protection.

DKIM Tools
DKIM Tools

Generate, test, and analyze DKIM records to ensure messages are signed and verified.

SPF Record Optimizer
SPF Record Optimizer

Simplify and flatten complex SPF records to avoid DNS lookup limits.

BIMI Management
BIMI Management

Strengthen brand visibility by displaying your verified logo in inboxes.

Domain Risk Scanner
Domain Risk Scanner

Scan for threats and misconfigurations to keep your email infrastructure secure.

Why Email Security Matters -
And How DMARCFlow Makes the Difference

See how your domain security changes with and without DMARC protection.

WITHOUT DMARCFLOW
No visibility into email threats Manual setup and DNS confusion Legit emails often land in spam Customers lose trust in your brand Hackers can spoof your domain
WITH DMARCFLOW
Setup and support from real experts Real-time monitoring AI-powered insights and reporting Safe step-by-step validation Guided automation, no tech skills needed Higher inbox placement & deliverability Strengthened brand reputation Domain fully protected from spoofing

DMARCFlow doesn’t just detect problems -
it prevents them before they happen.

Stay in control, stay protected, and stay trusted.

Everything You Need To Protect
Your Email Infrastructure

Explore a complete set of tools built to strengthen your email security and safeguard your domain

Comprehensive reporting
Comprehensive Reporting & Analysis
  • Actionable insightsGet actionable insights into your domain's authentication
  • Spoofing detectionDetect spoofing attempts and misconfigurations quickly
  • Visual dashboardsVisual dashboards and detailed reports for full transparency
User-friendly interface
User-Friendly
Interface
  • Clean dashboardClean, intuitive dashboard for all experience levels
  • Easy DMARC managementEasily manage, analyze, and configure DMARC
  • Guided setupStep-by-step setup guides and helpful prompts
Enhanced email security
Enhanced Email
Security
  • Defend your domainDefend your domain from phishing and impersonation
  • Verified sourcesEnsure only verified sources can send on your behalf
  • Threat alertsReceive alerts to stay ahead of threats
Advanced DNS record checking
Advanced DNS Record Checking
  • Validate SPF/DKIM/DMARCInstantly validate SPF, DKIM, and DMARC records
  • Find misconfigurationsIdentify misconfigurations that impact security
  • Expert recommendationsGet expert recommendations for optimal setup
Tailored solutions
Tailored for Every Use Case
  • For MSPs and enterpriseTools built for MSPs, enterprises, and growing teams
  • ScalableScalable solutions for businesses of any size
  • Regular updatesRegular feature updates for evolving needs
Trusted by many
Trusted by Thousands Worldwide
  • Trusted across industriesTrusted across industries from startups to global brands
  • Recognized serviceRecognized for dependable results and outstanding service

How to Interpret Your DMARC Check Results

What each DMARC policy and alignment status means — and what action to take.

Pass

The email passed DMARC. Either SPF or DKIM (or both) aligned with the From: domain, and a valid DMARC policy exists. Your domain is properly authenticated for this message.

Fail

Neither SPF nor DKIM alignment passed. Your DMARC policy applies: p=none means the email is still delivered (but logged), p=quarantine sends it to spam, p=reject blocks it outright. Review which sending sources are failing alignment.

p=none

Monitor-only mode. Your DMARC record exists but makes no enforcement decision. Emails that fail alignment are still delivered. This is a starting point — use it to review aggregate reports before moving to enforcement. Do not stay here permanently.

p=quarantine

Failing emails are sent to spam/junk. This is a transitional enforcement step. Good for catching remaining alignment issues with real traffic before moving to full rejection. Move to p=reject once your DMARC reports show a clean pass rate.

p=reject

Full enforcement. Emails that fail DMARC alignment are rejected outright — they never reach the recipient's inbox. This is the target state. It provides the strongest protection against domain spoofing and phishing.

No Record

No DMARC TXT record found at _dmarc.yourdomain.com. Your domain has no DMARC policy — it is completely unprotected against spoofing. Publish a DMARC record immediately, even starting with p=none to begin collecting reports.

Common DMARC Failures and How to Fix Them

The most frequent reasons DMARC fails — based on what DMARC aggregate reports actually show.

SPF alignment failure from third-party senders

When you send email through a CRM, marketing platform, or helpdesk, that service sends from its own mail servers. SPF may pass for the service's domain, but the Return-Path domain doesn't match your From: domain — so SPF alignment fails.

Fix: Configure DKIM signing with your own domain on every third-party sender. DKIM alignment is typically easier to achieve than SPF alignment for external services.

Forwarded email causing DMARC failures

Email forwarding rewrites the envelope sender, breaking SPF alignment. The original DKIM signature may also be invalidated if the message body is modified. This generates DMARC failures in your aggregate reports even though the original sender is legitimate.

Fix: Ensure DKIM is configured with relaxed canonicalization. DKIM survives forwarding when the body is not modified. You can also use the pct tag to apply policy to a percentage of mail while diagnosing forwarding sources.

Subdomain not covered by DMARC

A DMARC record at _dmarc.yourdomain.com applies to the root domain. Subdomains (mail.yourdomain.com, newsletter.yourdomain.com) are only covered if you explicitly add sp=reject or publish their own DMARC records.

Fix: Add sp=reject to your root DMARC record, or publish dedicated DMARC records for actively used subdomains. Unused subdomains that could be spoofed should have their own p=reject records.

DMARC reports not being received

If your DMARC record has a rua= tag but you're not receiving aggregate reports, either the email address is wrong, the receiving mailbox is rejecting reports, or a cross-domain authorization record is missing (_dmarc record at the receiving domain).

Fix: Verify the rua address is correct and active. If reports go to a different domain (e.g., a monitoring service), ensure that domain has published a _dmarc authorization record. DMARCFlow handles this automatically.

Frequently Decorative underline Asked
Questions

Everything you need to know about DMARC checking

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that helps protect your domain from spoofing and phishing.

No. DMARCFlow is designed for all users. We guide DNS setup, analysis, and reporting.

Our AI detects anomalies, false positives, and unusual sending behavior faster than manual analysis.

Yes-DMARCFlow is GDPR-compliant and runs on secure European infrastructure with strict data protection.

Yes. DMARCFlow visualizes unauthorized senders so you can identify misuse attempts in near real time.

SPF and DKIM authenticate senders and content. DMARC builds on them to define handling of failures and provides feedback via reports.

Yes. A properly enforced DMARC policy increases mailbox trust and inbox placement.

Under 5 minutes. Add a DNS record and follow our guided steps.

Anyone can send emails pretending to be you-hurting reputation and delivery, and creating legal risk.

Yes-personal plans let you try DMARCFlow risk-free and see value from day one.