🛠️ DMARC Tools

📖 Why This Matters

Email is one of the most abused communication channels on the internet. Attackers frequently forge ("spoof") emails to impersonate trusted domains — like banks, governments, or your company — to trick users into clicking malicious links or giving up sensitive data.

To combat this, modern email security standards like SPF, DKIM, and DMARC were introduced:

• SPF (Sender Policy Framework): Specifies which IP addresses or servers are allowed to send emails on behalf of your domain.
• DKIM (DomainKeys Identified Mail): Ensures the message content hasn’t been altered in transit and verifies it was authorized by the sender domain.
• DMARC (Domain-based Message Authentication, Reporting, and Conformance): Builds on SPF and DKIM, allowing domain owners to declare how unauthenticated messages should be handled — reject, quarantine, or monitor them.

🧰 About This Toolset

This site helps you test, validate, and simulate how these email security protocols work for your domain — using public DNS lookups in real time. It’s free, fast, and privacy-friendly.

🧪 Tool Descriptions

• 📬 DMARC Record Checker:
  Enter your domain (e.g., example.com) to view its published _dmarc record. The tool explains each part of the policy and highlights issues like missing `rua`, weak policy (`none`), or misalignment.
• 🛡️ SPF Record Checker:
  Fetch the SPF TXT record for your domain and display its mechanisms (e.g., `ip4`, `include`, `all`). This helps ensure your authorized mail servers are correctly listed.
• 🔐 DKIM Record Checker:
  Provide a domain and selector (e.g., default._domainkey.example.com) to retrieve and validate the public DKIM key. This is critical for verifying DKIM is correctly deployed.
• 🌐 DNS Health Dashboard:
  Lookup specific DNS records (A, MX, TXT, NS, etc.) to verify that your domain is reachable, properly configured, and responding with expected values.
• 🧮 DMARC Record Generator:
  Use a guided form to create a DMARC record from scratch — selecting your policy (`none`, `quarantine`, or `reject`), adding report recipients, and choosing alignment settings.
• 🎯 DMARC Policy Simulator:
  Simulate a real-world email delivery scenario. Choose whether SPF and DKIM passed or failed, and whether they were aligned. The tool shows if DMARC would pass or fail and explains why.

🔒 Privacy and Safety

This tool uses only public DNS resolvers (like Cloudflare DNS) and performs no authentication or logging. No data is stored, tracked, or shared. It’s safe to test with real production domains.

💡 Tips

• Use quarantine or reject DMARC policies in production — avoid none unless you're in monitoring mode.
• Publish an rua address to receive aggregate DMARC reports.
• Make sure SPF and DKIM are both passing and aligned for best protection.
• Test changes after DNS propagation (can take 5–30 minutes).