Link Tools Dereferer Hide Referrer Link URL Shortener Affiliate Cloaker PayPal Links PayPal DonationPayPal Links Privacy Tools Password Generator Cloudflare Resolver My Referrer Torrent Tools Magnet → Torrent Torrent → Magnet Torrent Editor Pirate Bay Proxies Movierulz Proxies ExtraTorrent Proxies Dev Tools Base64 Encoder Hash Generator HTTP Headers Disposable Email Checker Company Blog About Us Contact Anonymize Free
General

SPF, DMARC and DKIM Explained: How to Stop Email Spoofing on Your Domain

JAY
Author
May 19, 2026 ·2 min read ·8 views

 

Email spoofing is one of the oldest phishing techniques. An attacker sends email appearing to come from your domain to scam your customers. Three DNS records prevent this: SPF, DMARC and DKIM. The SPF & DMARC Checker verifies all three for any domain instantly.

What Is SPF?

SPF (Sender Policy Framework) is a DNS TXT record listing IP addresses authorised to send email from your domain. A correctly configured SPF record ends with -all (hard fail) which tells receiving servers to reject unauthorised senders. Using +all is a critical misconfiguration that authorises every server on the internet to send from your domain.

What Is DMARC?

DMARC builds on SPF and DKIM to enforce what happens when authentication fails. Without DMARC, even a valid SPF record does not prevent spoofing because receiving servers are not required to act on SPF failures. DMARC has three policy levels: p=none (monitor only), p=quarantine (spam folder) and p=reject (block entirely). DMARC also enables aggregate reporting which sends XML reports showing exactly which servers are sending from your domain and whether they pass authentication.

What Is DKIM?

DKIM adds a cryptographic signature to outgoing emails. Your mail server signs each email with a private key, and the public key is published in a DNS TXT record. Receiving servers verify the signature confirming the email was not tampered with in transit. DKIM is configured in your email provider — Google Workspace, Microsoft 365, Mailchimp and all major ESPs support it.

The Correct Setup Order

Configure SPF first, then DKIM via your email provider, then add DMARC starting with p=none and an rua report address. Monitor reports for two to four weeks. Once all legitimate email passes, move to p=quarantine then p=reject. This graduated approach prevents accidentally blocking legitimate email.

Check Any Domain

The SPF & DMARC Checker fetches live DNS records for any domain, shows the full raw record, flags misconfigurations like +all or missing report addresses, auto-detects DKIM across common selectors and gives a security grade from A to F. Run it on your own domain, your competitors and any domain that sends email on your behalf.

 

# General
Share on X
Rate this article
Your rating is stored anonymously. You can rate once per post.
Written by
JAY
Writer at Anonymiz

Related Articles

User Agent Checker: What Your Browser Reveals to Every Website You Visit
May 19, 2026 · JAY
Redirect Checker: How to Trace URL Redirect Chains and Fix SEO Issues
May 19, 2026 · JAY
Framer AI vs Wix ADI vs Bolt.new vs Webflow: Which AI Website Builder Is Best in 2026?
May 18, 2026 · JAY
← Back to Blog
Done!