Domain Health Checker
Check your SPF, DMARC, DKIM & MX records instantly. Identify email authentication issues before they hurt your deliverability.
How do I check my domain's email health?
Enter your domain above and run the check to instantly validate your SPF, DMARC, DKIM, and MX records. Review the results and follow the recommendations to fix any email authentication issues before they hurt your deliverability.
Understanding Email Authentication
Learn how SPF, DKIM, and DMARC work together to protect your domain
What is SPF?
SPF (Sender Policy Framework) is a DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain.
When an email arrives, the receiving server checks the SPF record to verify that the sending server's IP address is authorized. If it's not, the email may be rejected or marked as spam.
Example SPF record:
v=spf1 include:_spf.google.com ~allThe ~all at the end means "soft fail" – unauthorized emails may be marked as suspicious. Use -all for stricter enforcement.
Frequently Asked Questions
What is an SPF record and why do I need one?+
SPF (Sender Policy Framework) is a DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain. It helps prevent email spoofing and improves deliverability by allowing receiving servers to verify that incoming mail from your domain is legitimate.
What's the difference between DMARC and SPF?+
SPF specifies which servers can send email for your domain, while DMARC builds on SPF (and DKIM) by telling receiving servers what to do when authentication fails. DMARC adds a policy layer (none, quarantine, or reject) and provides reporting capabilities.
Why do I need to know my DKIM selector?+
DKIM records are stored at a specific subdomain that includes the selector name (e.g., selector._domainkey.yourdomain.com). Different email services use different selectors. Our tool checks common selectors automatically, but for accurate results, you should know your specific selector from your email provider.
Why is there a 10 DNS lookup limit for SPF?+
RFC 7208 limits SPF to 10 DNS lookups to prevent denial-of-service attacks and ensure quick email processing. Each include, a, mx, ptr, exists, and redirect mechanism counts as a lookup. Exceeding this limit causes SPF to return 'permerror'.
Is it okay to have DMARC policy set to 'none'?+
DMARC p=none is a valid starting point for monitoring, as it allows you to receive reports without affecting email delivery. However, it provides no protection against spoofing. Plan to gradually move to 'quarantine' and eventually 'reject'.
What if I don't have any email authentication records?+
Without SPF, DKIM, or DMARC, your emails are more likely to be marked as spam or rejected by major providers. Additionally, your domain is vulnerable to spoofing attacks. We recommend implementing all three as soon as possible.
Domain Authenticated?
Great email authentication means nothing if your emails bounce. Verify your email list reaches real inboxes with Enrichley's industry-leading catch-all verification.