SPF · DKIM · DMARC
Check a domain's email authentication
See whether a domain has SPF, DKIM, and DMARC set up — the DNS records that stop scammers from spoofing email from that domain — and get an overall grade. We also check DNSSEC, CAA, and MTA-STS.
Frequently asked questions
What are SPF, DKIM, and DMARC?
They're DNS records that prove an email really came from a domain and stop spammers from spoofing it. DMARC ties SPF and DKIM together and tells receivers what to do with fakes.
How do I check if my domain can be spoofed?
Enter your domain here. We look up its SPF, DKIM, and DMARC records and explain whether they protect against impersonation.
What are DNSSEC, CAA, and MTA-STS?
Extra DNS protections. DNSSEC cryptographically signs a domain's DNS so answers can't be forged; CAA limits which authorities may issue its TLS certificates; MTA-STS forces inbound email to use encryption. We report whether each is published.