Free tool

Free Email Security Checker (SPF / DKIM / DMARC)

Can someone spoof email from your domain? Check in 10 seconds.

Free. No account. Results in under 60 seconds.

What it checks

Every check, explained

  • 01SPF record — which IPs can send as your domain?
  • 02DMARC record — what happens when SPF/DKIM fail?
  • 03DMARC policy — none, quarantine, or reject?
  • 04DKIM selectors — common providers checked
  • 05MX records — where your email is delivered

Why it matters

Why you should care

Without SPF, DKIM, and DMARC, attackers can send phishing email that appears to come from your domain. Gmail and Yahoo now require DMARC for bulk senders — without it, your own email goes to spam.

How it works

What happens when you paste a URL

We run DNS lookups (TXT and MX queries) against your domain. No email is sent, no accounts touched. The checks take 5-10 seconds.

FAQ

Frequently asked questions

Do I need all three — SPF, DKIM, and DMARC?
Yes. They work together: SPF says which servers can send, DKIM signs the messages, DMARC says what receivers should do when the first two fail.
I don't send email from my domain. Do I still need these?
Yes. Set `v=spf1 -all` and `v=DMARC1; p=reject` to explicitly block anyone from spoofing as you.

Fix guides

If this check fails, here is what to do

Missing SPF record

Without SPF, anyone can send email that looks like it came from your domain. Here is the one DNS record you need to stop that.

Read more

Missing DMARC record

DMARC tells receiving mail servers what to do with email that fails SPF or DKIM — quarantine, reject, or nothing. Here is how to set it up.

Read more

Missing DKIM record

DKIM signs your outgoing email so receivers can verify it was not tampered with. Here is how to enable it through your email provider.

Read more

Glossary

Learn the concepts

Sender Policy Framework

SPF is a DNS record listing which IP addresses are allowed to send email from your domain. The first line of email authentication.

Read more

Domain-based Message Authentication, Reporting & Conformance

DMARC tells receiving mail servers what to do with email that fails SPF or DKIM checks. The single most important email security record.

Read more

DomainKeys Identified Mail

DKIM is a digital signature on outgoing email, letting receivers verify it came from you and was not tampered with.

Read more