SPF · DKIM · DMARC Checker
Check if your domain is protected against email spoofing. Verify SPF, DKIM and DMARC in real time. Clear verdict and score 0-100. No sign-up.
Built by
Miguel Ángel Colorado Marin (MACM)
Built by
Miguel Ángel Colorado Marin (MACM)
Full-Stack Developer · Guadalajara, España
I develop web apps, digital tools and full projects — from design to deployment.
How to use the email security checker?
- 1
Enter the domain
Type the domain (e.g. example.com). Without https:// or paths.
- 2
Click Analyze
Queries SPF (domain TXT), DMARC (_dmarc.domain) and 8 DKIM selectors in parallel via DNS-over-HTTPS.
- 3
Review the verdict
In Security: Protected (all 3 present), Partial (some missing) or Unprotected (none).
- 4
Fix it
If something is missing, configure it in your DNS. Without SPF+DKIM+DMARC anyone can impersonate your domain in emails.
SPF · DKIM · DMARC — what they protect
SPF — Sender Policy Framework
Whitelist of servers authorized to send mail for your domain. Without SPF, any server can send emails from @yourdomain.com.
DKIM — DomainKeys Identified Mail
Cryptographic signature on each email. The receiver verifies the email wasn't tampered with and comes from an authorized server using your DNS public key.
DMARC — Domain-based Message Authentication, Reporting and Conformance
Explicit policy on what to do with emails that fail SPF/DKIM. none = monitor, quarantine = spam, reject = reject. Also receives reports of spoofing attempts.
Frequently asked questions
What is SPF?
SPF is a DNS TXT record that specifies which servers can send emails for your domain. Without SPF, any server can impersonate @yourdomain.com. Example: v=spf1 include:_spf.google.com ~all
What is DKIM?
DKIM adds a cryptographic signature to each email. The receiver verifies the signature using the public key in your DNS (selector._domainkey.yourdomain.com). Guarantees sender integrity and authenticity.
What is DMARC?
DMARC unites SPF and DKIM under a policy: none (monitor), quarantine (send to spam) or reject (reject). Configured at _dmarc.yourdomain.com. Google and Yahoo require DMARC for bulk senders since 2024.
How is the score calculated?
SPF +30pts. DMARC +30pts base (+20 if reject, +10 if quarantine, +5 if none). DKIM +20pts. Maximum 100. A low score indicates high vulnerability to spoofing and phishing.
What happens if I don't have DMARC?
Without DMARC, even with SPF and DKIM, there's no instruction on what to do with suspicious emails. Providers may deliver them. Since 2024 it's practically mandatory for bulk senders.
Is it legal to check any domain's SPF/DKIM/DMARC?
Yes. SPF, DKIM and DMARC are public DNS records designed to be queried by any mail server in the world. This tool makes exactly the same DNS queries that Gmail, Outlook or any MTA would make when receiving an email from your domain.
Embed this tool
Integrate the Email Security Checker in your blog or website:
<iframe src="https://miguelacm.es/embed/email-security" width="100%" height="700" style="border:none;border-radius:12px;" loading="lazy"></iframe>
Source code available on GitHub.
View on GitHub