What are SPF, DMARC, and DKIM?

They are DNS-based email authentication standards. SPF lists which servers may send mail for your domain, DKIM cryptographically signs your messages, and DMARC tells receiving servers what to do when SPF or DKIM fail — together they stop spoofing and improve deliverability.

Why does the DKIM check sometimes say "not found"?

DKIM records live at a provider-specific selector (e.g. selector1._domainkey). We probe the most common selectors — default, google, selector1, selector2, k1 — but if your provider uses a custom selector we may not find it even though DKIM is configured.

What does a good DMARC policy look like?

Start with p=none to monitor, then move to p=quarantine and finally p=reject once your SPF and DKIM are aligned and your aggregate (rua) reports look clean. Enforcing policies are what actually block spoofed mail.

Is this check free and private?

Yes. The lookup runs on demand against public DNS and the results are shown only to you — nothing is stored.

Free tool · no signup

Free Email Authentication Checker (SPF, DMARC, DKIM)

Check a domain's SPF, DMARC, and DKIM records and get recommendations to improve deliverability.

Frequently asked questions

What are SPF, DMARC, and DKIM?: They are DNS-based email authentication standards. SPF lists which servers may send mail for your domain, DKIM cryptographically signs your messages, and DMARC tells receiving servers what to do when SPF or DKIM fail — together they stop spoofing and improve deliverability.
Why does the DKIM check sometimes say "not found"?: DKIM records live at a provider-specific selector (e.g. selector1._domainkey). We probe the most common selectors — default, google, selector1, selector2, k1 — but if your provider uses a custom selector we may not find it even though DKIM is configured.
What does a good DMARC policy look like?: Start with p=none to monitor, then move to p=quarantine and finally p=reject once your SPF and DKIM are aligned and your aggregate (rua) reports look clean. Enforcing policies are what actually block spoofed mail.
Is this check free and private?: Yes. The lookup runs on demand against public DNS and the results are shown only to you — nothing is stored.

Doing this for 20 client sites?

Everguardly runs these checks automatically and alerts you 60, 30, 14, 7, and 1 days before anything expires.

Start 14-day trial See pricing →

Related tools

SSL Checker

Check any SSL certificate's issuer, expiry, chain validity, and hostname match.

WHOIS Lookup

Look up domain registration, registrar, nameservers, and expiry via RDAP.

DNS Lookup

Resolve A, AAAA, MX, TXT, NS, or CNAME records for any hostname.

Domain Expiry

How many days until any domain expires? Registrar + expiry date in one click.

HTTP Header Checker

Inspect any site's HTTP response headers and grade its security headers (HSTS, CSP, and more).