Free Email Security Checker (SPF, DKIM, DMARC)

Test email authentication online. Validate SPF records, check DKIM configuration, verify DMARC policy, and analyze MTA-STS, TLS-RPT, BIMI & DANE. Ensure compliance with Google, Yahoo, and Microsoft bulk sender requirements.

https://

No credit card required • Instant results

SPF/DKIM/DMARC

Verify email authentication protocols to prevent spoofing and ensure deliverability to Gmail, Yahoo & Outlook

Compliance Check

Ensure compliance with mandatory Google, Yahoo, and Microsoft requirements for bulk email senders

Advanced Protocols

Check MTA-STS, TLS-RPT, BIMI, and DANE implementation for enhanced email security and branding

Comprehensive Email Security Analysis

Our scanner performs a thorough analysis of your domain's email security configuration, checking all critical protocols and records:

SPF Records

Sender Policy Framework validation and DNS lookup count analysis

DKIM Records

DomainKeys Identified Mail configuration and key verification

DMARC Policy

Domain-based Message Authentication policy and reporting URIs

MX Records

Mail server configuration and redundancy checks

MTA-STS

Mail Transfer Agent Strict Transport Security policy validation

TLS-RPT

TLS reporting configuration for monitoring email encryption

BIMI

Brand Indicators for Message Identification (logo display)

DANE/TLSA

DNS-based Authentication of Named Entities for certificate validation

Why Email Security Matters

Email Authentication Benefits

  • Prevents email spoofing and phishing attacks
  • Improves email deliverability rates
  • Protects brand reputation and trust
  • Required for Gmail, Yahoo & Outlook delivery

Compliance Requirements

  • SPF record mandatory for bulk senders
  • DMARC policy required by major providers
  • DKIM signing recommended for all emails
  • MTA-STS enhances transport security

Email Security Best Practices

Google, Yahoo, and Microsoft now require SPF, DKIM, and DMARC for bulk email senders. Without proper email authentication, your messages may be rejected or marked as spam, significantly impacting deliverability and business communications.

  • Implement SPF records to authorize sending servers
  • Configure DKIM to cryptographically sign emails
  • Set up DMARC policy to specify handling of failed authentication
  • Deploy MTA-STS to enforce TLS encryption for email transport
  • Use TLS-RPT for reporting on TLS connection issues
  • Consider BIMI for brand logo display in email clients
  • Regularly monitor and update email security configurations

Check a single record

Need just one record? Use a focused tool for SPF, DKIM, DMARC or MX - each runs the same scan and links back here for the full picture.

Build a new record

Setting up email authentication from scratch? Generate a valid record and copy it straight into your DNS.

That's Just the Beginning

FREE

This Email Security Check scan caught some issues. Run a Full Security Scan to uncover hidden threats like exposed secrets, malicious scripts, and supply chain attacks this quick check missed.