Free tool
Free Email Security Checker (SPF / DKIM / DMARC)
Can someone spoof email from your domain? Check in 10 seconds.
Free. No account. Results in under 60 seconds.
What it checks
Every check, explained
- 01 SPF record — which IPs can send as your domain?
- 02 DMARC record — what happens when SPF/DKIM fail?
- 03 DMARC policy — none, quarantine, or reject?
- 04 DKIM selectors — common providers checked
- 05 MX records — where your email is delivered
Why it matters
Why you should care
Without SPF, DKIM, and DMARC, attackers can send phishing email that appears to come from your domain. Gmail and Yahoo now require DMARC for bulk senders — without it, your own email goes to spam.
How it works
What happens when you paste a URL
We run DNS lookups (TXT and MX queries) against your domain. No email is sent, no accounts touched. The checks take 5-10 seconds.
FAQ
Frequently asked questions
- Do I need all three — SPF, DKIM, and DMARC?
- Yes. They work together: SPF says which servers can send, DKIM signs the messages, DMARC says what receivers should do when the first two fail.
- I don't send email from my domain. Do I still need these?
- Yes. Set `v=spf1 -all` and `v=DMARC1; p=reject` to explicitly block anyone from spoofing as you.
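The SPF and DMARC checks above come down to reading TXT records and classifying what they say. The following is an added example, not the tool's own code: the function names and sample records are constructed for illustration, and it assumes the TXT strings have already been fetched from the domain (SPF) and from `_dmarc.<domain>` (DMARC).

```python
# Added example: classify SPF and DMARC TXT records. All records are constructed samples.

def spf_finding(txt_records):
    """Verdict for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "invalid: multiple SPF records"  # receivers treat this as a permanent error
    terms = spf[0].lower().split()[1:]
    for term in terms:
        if term.lstrip("+-~?") == "all":
            qualifier = term[0] if term[0] in "+-~?" else "+"  # bare "all" means "+all"
            return {"-": "hardfail", "~": "softfail",
                    "?": "neutral", "+": "allows any sender"}[qualifier]
    if any(t.startswith("redirect=") for t in terms):
        return "delegated via redirect"  # the verdict lives in the target record
    return "no all mechanism (defaults to neutral)"

def dmarc_finding(txt_records):
    """Policy from the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        return "missing"
    if len(dmarc) > 1:
        return "invalid: multiple DMARC records"
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p")
    return policy if policy in ("none", "quarantine", "reject") else "invalid: no usable p= tag"

def spoofing_exposure(spf_txt, dmarc_txt):
    """Combine both findings; only quarantine/reject asks receivers to act."""
    spf, dmarc = spf_finding(spf_txt), dmarc_finding(dmarc_txt)
    return {"spf": spf, "dmarc": dmarc, "enforced": dmarc in ("quarantine", "reject")}

SAMPLES = {  # constructed inputs: (TXT at the domain, TXT at _dmarc.<domain>)
    "non-sending domain": (["v=spf1 -all"], ["v=DMARC1; p=reject"]),
    "monitoring only": (["v=spf1 include:_spf.example.net ~all"],
                        ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]),
    "no records": (["site-verification=constructed"], []),
}

if __name__ == "__main__":
    for label, (spf_txt, dmarc_txt) in SAMPLES.items():
        print(f"{label}: {spoofing_exposure(spf_txt, dmarc_txt)}")
```

A domain that publishes `p=none` shows up as not enforced even when its SPF record is valid, because receivers are only being asked to report.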
Fix guides
If this check fails, here is what to do
Missing SPF record
Without SPF, anyone can send email that looks like it came from your domain. Here is the one DNS record you need to stop that.
Missing DMARC record
DMARC tells receiving mail servers what to do with email that fails SPF or DKIM — quarantine, reject, or nothing. Here is how to set it up.
Missing DKIM record
DKIM signs your outgoing email so receivers can verify it was not tampered with. Here is how to enable it through your email provider.
Glossary
Learn the concepts
Sender Policy Framework
SPF is a DNS record listing which IP addresses are allowed to send email from your domain. The first line of email authentication.
Domain-based Message Authentication, Reporting & Conformance
DMARC tells receiving mail servers what to do with email that fails SPF or DKIM checks. The single most important email security record.
DomainKeys Identified Mail
DKIM is a digital signature on outgoing email, letting receivers verify it came from you and was not tampered with.