Free tool

SPF, DKIM & DMARC checker

Enter a domain. We'll query public DNS, parse your authentication records, and tell you exactly what passes, what fails, and what to fix — in plain English. No signup, no email.

We query public DNS records only. Nothing is stored. If you don't know your DKIM selector, leave it blank — we'll try common ones.

What this checker actually verifies

SPF

Confirms a single SPF record exists, counts the DNS lookups (the spec allows ≤10), and checks that the record ends in ~all or -all. Flags +all, duplicate records, and lookup chains that will permerror.

DKIM

Looks up your selector (or tries common ones — google, selector1, s1, default), validates the public key, estimates key strength, and warns on testing-mode flags.

DMARC

Checks _dmarc.yourdomain.com for a valid policy, reporting destinations, and percentage. Flags missing rua= (you can't see who's spoofing you), bad policies, and partial-rollout misconfigurations.

MX

Sanity-checks that mail-receiving records exist. Useful for catching orphan send-only domains and confirming your DMARC reports have somewhere to land.

Why authentication matters in 2026

Since Google and Yahoo's February 2024 sender requirements, SPF, DKIM, and DMARC are no longer optional for anyone sending more than a handful of messages a day. Bulk senders (5,000+/day to Gmail) are required to publish all three; smaller senders without them increasingly land in spam by default.

Cold-email volume falls in the same risk bucket. If your records are misconfigured — or worse, missing — your message is fighting an uphill battle before the subject line even gets read.

Two posts to read alongside this tool: