SPF / DKIM / DMARC Checker
Check a domain’s email authentication
See whether a domain has valid SPF, DKIM and DMARC records — the three signals that decide whether its mail is trusted or treated as spam and forgery.
How to read the results
- 1.Enter a domain. SPF and DMARC are found automatically; for DKIM we try common selectors, or you can supply the exact one.
- 2.SPF lists which servers may send for the domain; DKIM cryptographically signs mail; DMARC tells receivers what to do when the first two fail.
- 3.A healthy domain has all three, with a DMARC policy of quarantine or reject.
Why it matters
Missing or broken email authentication is the number-one reason legitimate mail lands in spam — and an open door for anyone to forge messages from the domain.
Frequently asked questions
DKIM shows "not found" — is that a problem?
Maybe not — DKIM lives under a selector name we may not have guessed. Enter the exact selector (visible in a real message’s headers) to check precisely.
What DMARC policy should I aim for?
Start at p=none to monitor, then move to quarantine and finally reject once you confirm legitimate mail passes.

