SPF & DMARC Checker
Check the email authentication DNS records for any domain — SPF, DMARC and DKIM. Validate your setup and find misconfigurations that allow email spoofing.
Frequently Asked Questions
What is SPF and why do I need it?
SPF (Sender Policy Framework) is a DNS record that lists which mail servers are authorised to send email from your domain. Without SPF, anyone can send email that appears to come from your domain, enabling phishing and spoofing attacks.
What is the difference between DMARC p=none, quarantine and reject?
p=none is monitoring-only mode — emails still deliver normally but reports are sent. p=quarantine sends failing emails to spam. p=reject blocks failing emails entirely and is the recommended setting for fully protected domains. Start with p=none, then escalate.
Why is DKIM not detected?
DKIM records are stored under a selector subdomain (e.g. google._domainkey.yourdomain.com). This tool checks the most common selectors automatically. If your selector is custom, you will need to check it manually. DKIM is configured in your email provider — contact them for your selector name.
My domain has SPF but still gets spoofed — why?
SPF alone is not enough. You also need DMARC to enforce the SPF policy. Without DMARC, even a valid SPF record does not prevent spoofing because email clients are not required to act on SPF failures. DMARC with p=reject gives full protection.