What are SPF, DKIM, and DMARC?

SPF (Sender Policy Framework) specifies which mail servers can send email for your domain. DKIM (DomainKeys Identified Mail) adds a digital signature to verify email integrity. DMARC (Domain-based Message Authentication, Reporting and Conformance) ties SPF and DKIM together with a policy for handling failed checks.

Why do I need email authentication records?

Without SPF, DKIM, and DMARC, anyone can forge emails appearing to come from your domain (spoofing). These records protect your brand, improve email deliverability, and prevent phishing attacks targeting your customers and employees.

Is this email authentication checker free?

Yes, this tool is completely free with no signup required. It performs real-time DNS lookups and provides detailed analysis of your email authentication configuration.

What DKIM selectors does this tool check?

This tool checks over 25 common DKIM selectors including those used by Google Workspace, Microsoft 365, ProtonMail, Fastmail, Mailchimp, SendGrid, Amazon SES, and more. You can also check custom selectors manually.

What is a good email security score?

An A+ score (90-100) means your domain has strong email authentication with SPF, DKIM, and DMARC all properly configured. A score below 60 indicates significant gaps that could lead to email spoofing or deliverability issues.

Free Online SPF/DKIM/DMARC Checker (No Signup)

Verify your domain's email authentication records in one lookup. Get a security score, find misconfigurations, and protect against email spoofing.

How to Use This Tool

Enter your domain — Type a domain name (e.g. example.com) in the search box, or click a quick-try chip
Click "Check Records" — The tool queries SPF, DKIM, and DMARC DNS records in real time
Review your security score — See an overall grade and score based on your email authentication setup
Explore each protocol tab — Click SPF, DKIM, or DMARC for detailed record analysis and recommendations
Check custom DKIM selectors — If your provider uses a non-standard selector, enter it manually for a targeted lookup

Common Use Cases

Why are my emails going to spam? Check whether SPF, DKIM, and DMARC are all properly configured — missing records are a top cause of deliverability problems
How do I prevent email spoofing of my domain? Verify your DMARC policy is set to "quarantine" or "reject" and that SPF and DKIM align correctly
Did my email provider's DNS setup work? After configuring Google Workspace, Microsoft 365, or another provider, run a check to confirm all authentication records are live

📧 SPF

Sender Policy Framework defines which mail servers are authorized to send email on behalf of your domain. Receiving servers check SPF to detect forged sender addresses.

🔑 DKIM

DomainKeys Identified Mail adds a cryptographic signature to outgoing emails. The recipient server verifies the signature using the public key published in DNS, proving the email was not tampered with.

🛡️ DMARC

Domain-based Message Authentication, Reporting and Conformance ties SPF and DKIM together. It tells receiving servers what to do when authentication fails and provides reporting so you can monitor abuse.

🛡️ SPF / DKIM / DMARC Checker

How to Use This Tool

Common Use Cases

📧 SPF

🔑 DKIM

🛡️ DMARC