Home All Tools Security Analysis Email Security Checker

Email Security Checker

Check SPF, DKIM, and DMARC records for email security

Related Tools

SSL Checker

Verify SSL certificate details and validity

Security Headers Scanner

Scan for CSP, HSTS, X-Frame-Options

HTTP Headers Checker

Inspect response headers and server info

Port Scanner

Scan common ports (21, 22, 80, 443, etc.)

URL Redirect Checker

Track 301/302 redirect chains

What is an Email Security Checker?

An Email Security Checker checks if a domain is properly configured for email security in DNS. These records, SPF, DKIM, and DMARC, block email spoofing, phishing, and domain abuse.

Our Email Security Checker checks your domain's domain name system (DNS) TXT records and outputs each email authentication record that is found along with its value.

What are the records that are checked in email?

  • SPF (Sender Policy Framework) — The mail servers that are allowed to send email from your domain. This data is stored in a TXT record in the root domain.
  • DKIM (DomainKeys Identified Mail) — Adds an encrypted identity to outgoing emails to allow recipients to check that the email has not been tampered with on the way.
  • DMARC (Domain-based Message Authentication) — Indicates to the receiving servers what action to take with emails that do not meet the requirements of SPF and DKIM. It also provides reporting on authentication results.

Using the Email Security Checker

  • Type in a domain name (such as example.com).
  • Click Check Email Security Checker.
  • See the status of each email authentication record.

Why Is It Important To Use Email Authentication?

  • Avoid spoofered emails — If SPF and DKIM are not implemented, attackers can send emails from your domain.
  • Ensure deliverability — The big email service providers, like Gmail, Outlook, need proper authentication. Lack of records can cause emails to be delivered to the spam folder.
  • DMARC, which requires bulk email senders to have a DMARC record, is now enforced by Gmail and Yahoo. Emails may be rejected if domains are not using DMARC.
  • Brand protection – The prevention of bad actors using your domain name for phishing, thus leading to loss of trust and reputation.

The following are some tips on how to configure the email security checker.

  • Use SPF — List all valid mail sources: v=spf1 mx a ip4:1.2.3.4 ~all
  • Install DKIM — Create a DKIM key pair with your email provider and upload the public key as a DNS TXT record.
  • Start with p=none (report mode) and then switch to p=quarantine or p=reject.
  • Review DMARC reports — Check with a DMARC report analyzer to see who is sending email on your domain or not.

Privacy

Using our tool you can perform DNS TXT record lookup. There are no stored, logged or shared domains, results or IP addresses.

Frequently Asked Questions

What is SPF?

SPF, or Sender Policy Framework, is a TXT record in the DNS that provides a list of IP addresses and mail servers allowed to send e-mail on your domain. Receivers use this record to make sure the sender is a valid sender.

What is DKIM?

DKIM is an acronym for DomainKeys Identified Mail, which is used to put a digital signature in the headers of email messages. The receiving server checks the public key (published in your DNS) to ensure that the message was not altered and that it is from your domain.

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an extension of SPF and DKIM. It informs the receiver on how to proceed with emails that are not authenticated and offers reports to the domain owners on email activity.

The Email Security Checker is free?

Yes. No sign up, no limits and no captcha to stop.No sign up, no limits and no captcha to get stopped.

How do I fix the DKIM error that says "Not Found"?

DKIM also needs a specific "selector," such as google._domainkey. Our checker uses a generic selector which may not match your setup. Make sure to use the proper DKIM selector in your email provider documentation.