digtools
spf dkim dmarc,

SPF/DKIM/DMARC Checker

Verify your domain's SPF, DKIM, and DMARC records all at once.Securely check if your email authentication complies with modern sender guidelines.

🛡️
Bulk Verification
Check from domain name
Gmail Ready
Meets sender requirements
🔒
Secure Check
Browser-side processing
about,

SPF/DKIM/DMARC Email Authentication Checker Overview

The SPF/DKIM/DMARC Checker is a free utility that allows you to instantly inspect email sender authentication DNS records configured for a specified domain directly from your browser.

Recently, strict DMARC settings and anti-spoofing measures have become mandatory due to guideline changes by major email providers like Gmail and Yahoo. With this tool, you can quickly verify whether your SPF, DKIM, and DMARC records are properly published.

Since the domain information you input is sent directly from your browser to public DNS (Google DoH), no search history is retained on our servers, ensuring your data remains completely private and secure.

how to,

How to Test & Verify Email Authentication Records

STEP 1

Enter Domain Name

Input the domain name you want to verify (e.g., example.com).

STEP 2

Enter Selector (Optional)

If you want to check DKIM, enter the selector name provided by your email delivery system (e.g., google, default).

STEP 3

Run Check

Click the "Check Now" button to display the publication status of each authentication record.

glossary,

Email Security & Authentication Glossary

SPF (Sender Policy Framework)
A mechanism that uses the sender's IP address to prove to the receiving server that an email was sent from an authorized server belonging to the domain. It is configured as a DNS TXT record beginning with "v=spf1".
DKIM (DomainKeys Identified Mail)
A system that attaches a cryptographic digital signature to outgoing emails, proving the message has not been tampered with in transit and that the sender's domain is legitimate. Configuration requires registering a public key via a "selector".
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
A powerful security framework based on SPF and DKIM results that allows domain administrators to specify how receivers should handle emails that fail authentication (suspected spoofing) — whether to pass them through, quarantine them, or reject them outright.
Selector
An identifier (prefix) used to locate the DKIM public key in DNS. When organizations use multiple email delivery systems (Google, Microsoft, SendGrid, etc.), selectors prevent key conflicts by distinguishing each system's key.
Envelope-From / Header-From
The "Envelope-From" is the behind-the-scenes sender address used in SMTP server communication, which SPF validates. The "Header-From" is the sender address users see in their email client. Malicious senders can forge these, making DMARC alignment verification essential.
Alignment
In DMARC authentication, alignment checks whether the domain in the user-visible "Header-From" matches the domain authenticated by SPF or DKIM. Only when these domains align can the email be considered non-spoofed.
DMARC Policy (p= tag)
Within a DMARC record, specifies p=none (monitor only), p=quarantine (send to spam folder), or p=reject (block delivery) to instruct receiving servers on how to handle authentication failures.
faq,

Frequently Asked Questions About SPF/DKIM/DMARC

Q.What are the 2024 Gmail sender guideline changes?
Starting February 2024, Google now requires all senders emailing Gmail users to configure SPF or DKIM authentication. Bulk senders (5,000+ emails/day) must also configure DMARC. Emails failing these requirements are more likely to be rejected or placed in spam.
Q.I don't know my DKIM selector.
You can find the selector in the admin console of your server or email delivery service (e.g., Google Workspace, SendGrid). It is usually a service-specific string like "google" or "s1".
Q.I set it up, but it still says "Not set".
It can take anywhere from a few minutes to up to 72 hours for DNS changes to propagate across the internet. Please wait a while and try again.
Q.Which DMARC policy should I use?
Start with p=none (monitoring mode) which has no impact on delivery. Once you analyze reports and confirm legitimate emails aren't blocked, gradually move to p=quarantine (quarantine) or p=reject (reject).
Q.What does "Too many DNS lookups" mean for SPF?
The SPF specification limits the number of DNS lookups (via include, redirect, etc.) to a maximum of 10. If you use multiple email services and exceed this limit, authentication will fail. To fix this, remove unnecessary entries or flatten (merge) your SPF record.
Q.Are my searches saved on the server?
No. The domain information you enter is sent directly from your browser to Google's public DNS API, so no data is retained on our site.
Q.Can I check authentication for subdomains?
Yes. By entering a subdomain (e.g., mail.example.com), you can independently verify the SPF and DMARC records set for that specific subdomain.
Q.What happens if I ignore authentication errors?
Without proper email authentication, anyone can send spoofed emails pretending to be from your domain (phishing attacks). This can damage your brand reputation and cause legitimate emails to your customers and partners to be blocked or lost.
use cases,

Use Cases

🏢

Complying with Gmail Guidelines

Quickly audit your domain's DMARC compliance to meet the new, strict email sender requirements set by Google.

📨

Integrating Newsletter Services

Verify that the SPF or DKIM records provided by third-party delivery services like SendGrid or Mailchimp are correctly reflected in your DNS.

🛡️

Preventing Email Spoofing

Regularly check that your DMARC policies are published properly to prevent phishing scams and spam claiming to be from your domain.

🔍

Auditing Partner Security

Externally investigate whether a business partner's domain has configured basic email authentication (like SPF) to meet security standards.

Related Tools

Network & InfrastructureView all
📡

DNS Record Checker

Check A, MX, TXT, CNAME records instantly

🔐

SSL Certificate Checker

Check SSL expiry date and specific certification details

📧

Email Header Analyzer

Trace routing paths and authentication results

🔒

HTTP Header Checker

Check response headers & security diagnostics

🌍

Check Global IP Address

Instantly find out your current public IP address

🔌

MAC Address Vendor Lookup

Identify device vendor from MAC address OUI

🌐

Subnet & CIDR Calculator

Calculate subnet masks and host ranges instantly

🔍

Whois Lookup

Search and check domain registration and nameserver info

All Categories

Web & Developer Tools CSS Generators Image & Photo Tools Video & Audio Tools SEO & Marketing Network & Infrastructure Text Analysis & Processing Finance & Salary Tools Date & Calendar Tools Document & Business Tools Games & Events Life & Health Top Page

Send Feedback

Please let us know your thoughts to help us improve the tool.

Disclaimer

The tools provided on this site are completely free to use, but please use them at your own risk. We make no guarantees regarding the accuracy, completeness, or safety of any calculation results, conversion results, or generated data. Please be aware that the operator assumes no responsibility for any damages or troubles caused by the use of these tools. Most tools process files and calculations locally in your browser, meaning your inputted data is neither sent to nor stored on our servers.