Free SPF, DKIM, and DMARC checker
Enter a domain name to check its email authentication DNS records.
No registration or email required. We don't save any information from this tool.
Already have an email to inspect? Use our email header analyzer to see the actual authentication results from a delivered message.
What are SPF, DKIM, DMARC, and MX?
SPF (Sender Policy Framework) specifies which mail servers are authorized to send email for your domain, helping prevent spoofing. If your record is missing or uses ~all, consider adding or tightening it. Use -all once all your sending sources are confirmed.
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing emails, allowing receivers to verify the message was not altered in transit. If DKIM is missing, check with your email provider — they will give you a selector and a TXT record to publish.
DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM to tell receiving mail servers what to do with unauthenticated messages, and where to send reports. Start with p=none to collect reports, then move to p=quarantine and eventually p=reject once you're confident your legitimate mail is passing.
MX (Mail Exchanger) records tell other mail servers where to deliver email for your domain. Without MX records, no-one can send email to your domain.
BIMI (Brand Indicators for Message Identification) lets you display a verified logo next to your emails in supporting mail clients such as Gmail. BIMI requires a DMARC policy of p=quarantine or p=reject to be in place first.
A free tool provided by Auth-Email
Auth-Email makes your Gmail, Outlook, or other OAuth 2.0 email account available to any IMAP, POP3, or SMTP email client — no app passwords or special configuration needed.