Email Authentication Checker
Spoofers love domains with weak email authentication. SPF, DKIM, and DMARC are the three records that tell the world which servers may send mail as you and what to do with anything that fails. This tool reads all three and tells you whether your domain is genuinely protected — or quietly forgeable.
What you get
- The SPF record and the servers it authorizes to send on your behalf.
- Your DMARC policy and how strictly it is enforced — none, quarantine, or reject.
- Whether DKIM signing is present, the third leg of the authentication stool.
- The gaps that let attackers spoof your domain or push your mail into spam.
Frequently asked questions
- What do SPF, DKIM, and DMARC each do?
- SPF lists who may send for your domain, DKIM cryptographically signs your messages, and DMARC ties the two together and tells receivers how to handle failures. You want all three working.
- I have SPF but my mail still goes to spam — why?
- SPF alone is rarely enough. Without DKIM and an enforcing DMARC policy, the major providers treat your domain as only partially trustworthy.
- What's a safe DMARC policy to start with?
- Begin at p=none to monitor without affecting delivery, review the reports, then tighten to quarantine and finally reject once you're confident nothing legitimate is failing.
- Does a check cost credits?
- This page is free. An email-authentication check costs 1 credit, with cached re-checks of the same domain free.