SPF DKIM DMARC

Email DNS test

Validate email DNS posture: SPF, DKIM selectors, and DMARC alignment. Designed for quick troubleshooting when mail deliverability drops or spoofing protection is being added.

Mail routing: MX sanity checks + common mistakes
TXT records: SPF/DKIM/DMARC parsing and hints
Anti-spoofing: Alignment cues and safe rollout steps

Test a domain

Enter the root domain used for outbound email. Optionally provide a DKIM selector if you know it.

If your provider publishes multiple selectors, run the check per selector.
Example output below shows how the tool will report findings.

Results

Example findings: what’s present and what to fix.

Email posture
Good foundation; DMARC policy can be tightened.
SPF OK, DKIM found, DMARC p=none

SPF

Pass
Record: v=spf1 include:_spf.provider.tld -all
Notes: Single record, strict -all

DMARC

Improve
  • v=DMARC1 present
  • Policy p=none
  • Reporting enabled

Safe rollout

A pragmatic way to tighten anti-spoofing without breaking mail.

Start with reports: DMARC p=none collects data so you can see all senders that use your domain.
Align senders: Ensure every legitimate sender is covered by SPF/DKIM and passing alignment.
Tighten gradually: Move to quarantine then reject once you’re confident.
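
The example findings and rollout steps above, worked through as an added Python example (not the tool's own code): it grades SPF and DMARC TXT strings offline and names the next policy step. The function names, the status wording for cases the page does not show, and the sample DMARC record with its report address are assumptions made for this example.

```python
# Added example: offline checks over TXT record strings (no DNS lookups).
NEXT_POLICY = {"none": "quarantine", "quarantine": "reject"}

def check_spf(txt_records):
    """Return (status, note) for the SPF records among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # RFC 7208: zero records means no SPF; more than one is a permanent error.
        return "Fail", "expected one v=spf1 record, found %d" % len(spf)
    terms = spf[0].lower().split()[1:]
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if all_term == "-all":
        return "Pass", "Single record, strict -all"
    if all_term == "~all":
        return "Improve", "Single record, ~all (use while transitioning or auditing senders)"
    if all_term in ("all", "+all"):
        return "Fail", "Single record, but +all authorizes every sender"
    return "Improve", "Single record, no enforcing all mechanism"

def parse_tags(record):
    """Split 'v=DMARC1; p=none; ...' into a dict with lowercase tag names."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_dmarc(txt_records):
    """Return (status, notes) for the TXT records found at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if parse_tags(r).get("v", "").upper() == "DMARC1"]
    if len(dmarc) != 1:
        return "Fail", ["expected one v=DMARC1 record, found %d" % len(dmarc)]
    tags = parse_tags(dmarc[0])
    policy, reporting = tags.get("p", "").lower(), bool(tags.get("rua"))
    notes = ["v=DMARC1 present", "Policy p=" + policy,
             "Reporting enabled" if reporting else "No rua= reporting address"]
    if policy == "reject":
        return "Pass", notes
    if policy not in NEXT_POLICY:
        return "Fail", notes + ["missing or invalid p= tag"]
    if reporting:
        notes.append("Next: p=%s once every legitimate sender passes alignment" % NEXT_POLICY[policy])
    else:
        notes.append("Add rua= first so reports show every sender using the domain")
    return "Improve", notes

# Constructed sample input: the SPF record is the one in the example results;
# the DMARC record and its report address are made up for this example.
SAMPLE_SPF = ["v=spf1 include:_spf.provider.tld -all"]
SAMPLE_DMARC = ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"]

if __name__ == "__main__":
    print("SPF  ", check_spf(SAMPLE_SPF))
    print("DMARC", check_dmarc(SAMPLE_DMARC))
```
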

FAQ

Quick answers to common questions.

Why does DKIM fail even with a record?
Common causes include wrong selector, key rotation, or the signing domain not matching the visible From domain (alignment).
Should SPF be ~all or -all?
If you know all legitimate senders, -all is stricter. Use ~all while transitioning or auditing senders.

Want deliverability you can rely on?

We can implement SPF/DKIM/DMARC correctly and monitor changes so mail stays consistent over time.

Measured rollout. Verified alignment. Clear reporting.