Walks the DNS tree for a domain and analyses its DMARC setup against the DMARCbis RFCs.
Why this matters: a missing or misconfigured DMARC record lets attackers spoof your domain in phishing emails, damages your sender reputation, and — since Gmail and Yahoo now require DMARC for bulk senders — can push legitimate mail straight into spam. Stale or deprecated tags left over from older DMARC specs can also silently blunt the protection you think you have. DMARC has also recently been updated (DMARCbis, RFC 9989/9990/9991) — existing records on your domain and subdomains may need changes to stay compliant and effective under the new rules.
We may use the email address you provide to contact you about GoCloudConsulting's services. We won't add you to a marketing list or send unrelated emails.
DMARC just changed. RFC 7489 (2015) has been replaced by RFC 9989/9990/9991 —
domain discovery now uses a DNS Tree Walk instead of the Public Suffix List, p=reject
can no longer be treated as a hard instruction, and several tags have been retired or added.
See what changed and what it means for your records →
DNS tree walk
Need help fixing this?
GoCloudConsulting helps organisations sort out DMARC, SPF, DKIM, BIMI, MTA-STS and broader
email deliverability and security issues — from a one-off record cleanup to ongoing management.