DNS & Email Authentication Checker

Verify SPF, DKIM, and DMARC records for any domain. Checks 20+ common DKIM selectors, detects your email provider, and flags misconfigurations that hurt cold email deliverability.

What We Check

• SPF (Sender Policy Framework) — Verifies which mail servers are authorized to send email for your domain. Checks for +all misconfigurations, DNS lookup limits, and ESP includes.
• DKIM (DomainKeys Identified Mail) — Scans 20+ common selectors (google, default, selector1, selector2, s1, k1, etc.) for cryptographic signing keys. Checks key length and testing mode.
• DMARC (Domain-based Message Authentication) — Validates your _dmarc TXT record, checks policy enforcement level (none/quarantine/reject), report recipients, and alignment settings.
• MX Records — Identifies your email provider (Google Workspace, Microsoft 365, Zoho, etc.) from your mail exchange records.

Why Email Authentication Matters

• Without SPF, anyone can spoof your domain — your emails are more likely to be rejected
• Without DKIM, receiving servers can't verify your emails weren't tampered with in transit
• Without DMARC, there's no policy for handling authentication failures — your domain is vulnerable to spoofing
• All three are required for cold email deliverability — Gmail and Microsoft 365 increasingly reject unauthenticated mail

Email Authentication Quick Reference

SPF

Publishes a list of servers allowed to send email for your domain. Receiving servers check the sending IP against this list.

DKIM

Adds a digital signature to every outgoing email. The receiving server verifies this against the public key in your DNS.

DMARC

Tells receiving servers what to do when SPF or DKIM fails. Also enables aggregate and forensic reporting.

MX

Specifies which servers handle incoming email for your domain.