Tools

SPF / DKIM / DMARC Checker

Check whether a domain publishes core email-authentication records and inspect the returned TXT values.

How SPF, DKIM, and DMARC fit together

  1. SenderMessage claims to come from a domain.
  2. SPF / DKIM checksReceiver checks sending IP authorization and cryptographic signature when present.
  3. DMARC alignment and policyReceiver checks whether SPF or DKIM aligns with the visible From domain and reads the domain policy.
  4. Receiver actionDeliver, quarantine, reject, or report based on policy and local filtering.

This diagram is educational. Mail authentication improves trust signals, but it does not prove that a message is safe.

Generate a starter DMARC record without pretending it is universal

Use checker above
Advanced options

Advanced options can affect legitimate mail. Test known senders before enforcement.

Generated example

Customize before publishing


            

Copyable starter records with clear caveats

DMARC monitoring example

Start with visibility

_dmarc.example.com TXT "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com; pct=100"

Example only. Replace the domain and reporting address. Monitoring does not block spoofed mail.

SPF example

Authorize known senders only

example.com TXT "v=spf1 include:_spf.example-mail-provider.com -all"

Example only. Replace the include with your real mail provider and avoid multiple SPF records.

Comparison

SPF, DKIM, and DMARC roles

SPFChecks whether a sending IP is authorized for the envelope domain.
DKIMChecks whether signed message content matches a domain-controlled key.
DMARCChecks alignment with the visible From domain and requests receiver handling.