Free Email Security Checker (SPF, DKIM, DMARC)
Test email authentication online. Validate SPF records, check DKIM configuration, verify DMARC policy, and analyze MTA-STS, TLS-RPT, BIMI & DANE. Ensure compliance with Google, Yahoo, and Microsoft bulk sender requirements.
SPF/DKIM/DMARC
Verify email authentication protocols to prevent spoofing and ensure deliverability to Gmail, Yahoo & Outlook
Compliance Check
Ensure compliance with mandatory Google, Yahoo, and Microsoft requirements for bulk email senders
Advanced Protocols
Check MTA-STS, TLS-RPT, BIMI, and DANE implementation for enhanced email security and branding
Comprehensive Email Security Analysis
Our scanner performs a thorough analysis of your domain's email security configuration, checking all critical protocols and records:
SPF Records
Sender Policy Framework validation and DNS lookup count analysis
DKIM Records
DomainKeys Identified Mail configuration and key verification
DMARC Policy
Domain-based Message Authentication policy and reporting URIs
MX Records
Mail server configuration and redundancy checks
MTA-STS
Mail Transfer Agent Strict Transport Security policy validation
TLS-RPT
TLS reporting configuration for monitoring email encryption
BIMI
Brand Indicators for Message Identification (logo display)
DANE/TLSA
DNS-based Authentication of Named Entities for certificate validation
Why Email Security Matters
Email Authentication Benefits
- Prevents email spoofing and phishing attacks
- Improves email deliverability rates
- Protects brand reputation and trust
- Required for Gmail, Yahoo & Outlook delivery
Compliance Requirements
- SPF record mandatory for bulk senders
- DMARC policy required by major providers
- DKIM signing recommended for all emails
- MTA-STS enhances transport security
Email Security Best Practices
Google, Yahoo, and Microsoft now require SPF, DKIM, and DMARC for bulk email senders. Without proper email authentication, your messages may be rejected or marked as spam, significantly impacting deliverability and business communications.
- Implement SPF records to authorize sending servers
- Configure DKIM to cryptographically sign emails
- Set up DMARC policy to specify handling of failed authentication
- Deploy MTA-STS to enforce TLS encryption for email transport
- Use TLS-RPT for reporting on TLS connection issues
- Consider BIMI for brand logo display in email clients
- Regularly monitor and update email security configurations
Check a single record
Need just one record? Use a focused tool for SPF, DKIM, DMARC or MX - each runs the same scan and links back here for the full picture.
SPF Checker
Validate SPF & the 10-lookup limit
DKIM Checker
Find selectors & check key strength
DMARC Checker
Policy, enforcement & reporting
MX Lookup
Mail servers, priorities & redundancy
Build a new record
Setting up email authentication from scratch? Generate a valid record and copy it straight into your DNS.
That's Just the Beginning
FREEThis Email Security Check scan caught some issues. Run a Full Security Scan to uncover hidden threats like exposed secrets, malicious scripts, and supply chain attacks this quick check missed.