DMARC Record Analyzer
Analyze Domain-based Message Authentication, Reporting, and Conformance (DMARC) records to evaluate email spoofing policy configurations.
This interactive client-side tool is part of the NervLink Cybersecurity Suite. All analysis is verified entirely inside the local browser sandbox for maximum safety and data privacy compliance.
How It Works
- Analyze the DMARC TXT record located at the _dmarc subdomain prefix.
- Verify presence of required parameters like version (v) and policy (p).
- Parse reporting endpoints (rua/ruf), percentages (pct), and alignment policies (aspf/adkim).
Primary Use Cases
- Enforcing strict spoofing protection and alignment policies.
- Monitoring domain usage via XML aggregated reports.
- Ensuring compliance with secure mail requirements for major providers (Google, Yahoo).
Common Security Pitfalls
- Configuring a DMARC record without setting up SPF or DKIM first.
- Deploying a p=reject policy without testing with p=none and p=quarantine first, resulting in legit mail loss.
Frequently Asked Questions
- What does DMARC align do?
- DMARC verifies that the domain in the visible 'From' header matches the domain authenticated by SPF (Return-Path) and/or DKIM (Signature).
- What are rua and ruf tags?
- rua specifies the email address to receive aggregate XML reports (daily digests of mail flows), while ruf receives forensic failure reports (redacted copy of failed messages).
References & Standards