dmarc_lookup: look up DMARC policy for a domain
dmarc_lookup example.com [ --verbose ]
Query the DNS for a DMARC policy for a (sub)domain. Displays any found results as the DNS record as a perl object. In the simplest case, where the domain name in the email From header matches the Organizational Domain, this is roughly equivalent to the following commands:
dig +short _dmarc.example.com TXT print $_->txtdata."\n" for Net::DNS::Resolver->new(dnsrch=>0)->send('_dmarc.example.com','TXT')->answer;
When the domain name in the email From header (header_from) is not an Organizational Domain (ex: www.example.com), an attempt is made to determine the O.D. using the Mozilla Public Suffix List. When the O.D. differs from the header_from, a second DNS query is sent to _dmarc.[O.D.].
A DMARC record in DNS format looks like this:
v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:email@example.com; pct=100;
DMARC records are stored as TXT resource records in the DNS, at _dmarc.example.com.
Other ways to retrieve a DMARC record for a domain are:
Matt Simerson <firstname.lastname@example.org>
Davide Migliavacca <email@example.com>
Marc Bradshaw <firstname.lastname@example.org>