Domain Check Tool

Get instant analysis for your DMARC, SPF, MX, DKIM, BIMI, TLS-RPT, MTA-STS, and other email security records on any domain.

How It Works

Public DNS lookup, then record-by-record analysis

The tool reads public DNS responses for the domain, resolves the relevant email authentication records, and runs the results through a rule set that highlights broken syntax, weak policy, and missing protections.

Public DNS lookup: The checker reads the public DNS records that mailbox providers can see for the domain.
Authentication analysis: DMARC, SPF, DKIM, BIMI, TLS-RPT, and MTA-STS records are evaluated for syntax, coverage, and policy quality.
Actionable issues: The results highlight missing protections, risky settings, and misconfigurations that affect deliverability and spoofing resistance.

Issue Detection

What issues does it catch?

The checker looks for the failures that usually block DMARC enforcement, reduce deliverability, or leave gaps in your sender authentication setup.

HIGH

21 high severity issues

Example checks

No SPF record found for the domain.

The record does not start with 'v=spf1'.

Multiple SPF records were found for the domain.

MEDIUM

13 medium severity issues

Example checks

The record ends with '+all' (pass all).

The 'ptr' mechanism is used in the SPF record.

The record contains an unknown modifier (not 'redirect' or 'exp').

LOW

4 low severity issues

Example checks

No public key found in the DKIM record.

No BIMI record found for the domain.

BIMI record exists but is missing the required logo URI ('l=') tag.

Coverage

What is it scanning?

The checker focuses on the public DNS records that control email authentication, brand trust, and transport protection.

DMARC

Checks policy mode, reporting endpoints, alignment settings, and basic record validity.

Docs

SPF

Validates record syntax, improper directive usage, and risky authorization patterns.

Docs

SPF Tree

Validates include chains, DNS lookup count limit.

Docs

DKIM

Surfaces selector and signing gaps that often break alignment or reduce trust with receivers.

Docs

BIMI

Looks for the brand indicator record and whether the DNS path is in place for logo validation.

Docs

MTA-STS

Checks whether transport security policy discovery is configured for inbound mail protection.

Docs

TLS-RPT

Finds reporting configuration for TLS delivery failures so you can detect transport problems.

Docs

MX

Confirms the mail exchanger layer is discoverable and ready to receive mail for the domain.

Docs

FAQ

Common questions about the domain checker

The tool is intentionally simple: public DNS in, actionable analysis out.

Get Started Today

Ensure your email security and deliverability with DMARC

Get started for free. No credit card required.

Get Started Free

Domain Check Tool

How It Works

Issue Detection

Coverage

DMARC

SPF

SPF Tree

DKIM

BIMI

MTA-STS

TLS-RPT

MX

FAQ

How much does the domain check cost?

Do I need to sign up before running a check?

Where does the information come from?

Does it scan live records or cached data?

What should I do after I get the results?

Get Started Today