SPF / DKIM / DMARC Checker
Enter a domain to check the three anti-spoofing email mechanisms (SPF, DKIM, DMARC) in DNS, with the gaps and how to fix them.
This tool only queries DNS TXT records (it never connects to the target server). Your data is never sent. Because DKIM selectors aren't public, it probes a list of common selectors.
How to use
- 1Enter your sending domain (an email address works too).
- 2SPF, DKIM and DMARC DNS records are inspected.
- 3Harden the “missing” / “weak” items using the shown fixes.
Why it matters
SPF, DKIM and DMARC are the trio that stop spoofed (impersonation / phishing) email from your domain. SPF validates the sending IP, DKIM checks a signature, and DMARC declares what to do with fakes (quarantine/reject). The key is not to leave DMARC at p=none (monitor only) — step it up to quarantine then reject.
FAQ
QDKIM shows 'missing' but I have it set up.
A
DKIM selectors (e.g. google, brevo1) differ per provider and can't be enumerated from DNS. This tool probes common selectors, so a custom one may go undetected. Check `selector._domainkey.domain` with your provider's selector.
QIs DMARC p=none not enough?
A
none means 'monitor only, do nothing'. Start at none with reports (rua), then raise to quarantine (to spam) and reject — that's what actually stops spoofing.