SPF/DKIM/DMARC Checker
Validate SPF, DKIM, and DMARC records for any domain.
Enter a domain name to check its email authentication records (SPF, DKIM, and DMARC).
What Are SPF, DKIM, and DMARC?
SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance) are three DNS-based email authentication standards that work together to protect your domain from email spoofing, phishing, and spam. When properly configured, they help receiving mail servers verify that incoming messages actually come from authorized senders and have not been tampered with in transit.
SPF — Sender Policy Framework
SPF is a TXT record published in your domain's DNS that lists the IP addresses and mail servers authorized to send email on behalf of your domain. When a mail server receives a message claiming to be from your domain, it checks the SPF record to verify that the sending server is permitted. An SPF record should end with a mechanism like -all (reject unauthorized senders) or ~all (soft fail). Evaluating an SPF record is limited to 10 DNS lookups to prevent performance issues.
DKIM — DomainKeys Identified Mail
DKIM adds a digital signature to the header of every outgoing email. The sending server signs the message using a private key, and the corresponding public key is published as a DNS TXT record under a specific selector (e.g., selector1._domainkey.example.com). Receiving servers look up this public key to verify the signature, confirming the message has not been altered since it was sent. DKIM selectors vary by email provider: Google Workspace uses google, and Microsoft 365 uses selector1 and selector2.
DMARC — Domain-based Message Authentication
DMARC builds on SPF and DKIM by telling receiving mail servers what to do when a message fails authentication. The DMARC policy (p=none, p=quarantine, or p=reject) determines whether failing messages are monitored, sent to spam, or rejected outright. DMARC also supports aggregate reporting (rua) so domain owners can monitor who is sending email using their domain. For maximum protection, implement all three records and gradually move your DMARC policy from none to reject.
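
The SPF and DMARC checks described above can be run offline on TXT strings you already hold. The following is an added example, not this checker's own code; the function names and sample records are assumptions constructed for illustration. The lookup count covers only the terms in the record itself, not those inside nested include targets.

```python
import re

# SPF terms that cause a DNS query during evaluation (RFC 7208, section 4.6.4).
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

def check_spf(record):
    """Return a list of findings for one SPF TXT string (hypothetical helper)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    lookups = 0
    for term in terms[1:]:
        # Drop the qualifier (+ - ~ ?) and any :domain, =domain or /cidr suffix.
        name = re.split(r"[:=/]", term.lstrip("+-~?").lower(), maxsplit=1)[0]
        if name in LOOKUP_TERMS:
            lookups += 1
    findings = []
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms, over the limit of 10")
    # A record that hands off with redirect= legitimately has no all term.
    has_redirect = any(t.lower().startswith("redirect=") for t in terms[1:])
    if terms[-1].lower() not in ("-all", "~all") and not has_redirect:
        findings.append("does not end with -all or ~all")
    return findings

def check_dmarc(record):
    """Return (policy, findings) for one DMARC TXT string (hypothetical helper)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None, ["not a DMARC record (must start with v=DMARC1)"]
    policy = tags.get("p", "").lower()
    findings = []
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none only monitors; no enforcement is requested")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports")
    return policy or None, findings

# Constructed sample records (example.com is a placeholder domain).
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.com mx ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    print(check_spf(SAMPLE_SPF), check_dmarc(SAMPLE_DMARC))
```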