Get instant analysis for DMARC, SPF, MX, and DKIM records on any domain. The most comprehensive and insightful domain health check tool.
List of Checks
| Title | Description | Documentation |
|---|---|---|
| DMARC Record Existence | No DMARC record found for the domain. | RFC 7489 - DMARC Policy Record |
| Invalid DMARC Version | The DMARC record does not start with 'v=DMARC1'. | RFC 7489 - DMARC Version |
| Missing DMARC Policy | No policy (p) tag found in the DMARC record. | RFC 7489 - DMARC Policy |
| Invalid DMARC Policy Ordering | DMARC policy (p) tag is not the first tag after the version. | RFC 7489 - DMARC Policy |
| Unknown or non-standard DMARC Tag | The DMARC record contains an unknown or non-standard tag. | RFC 7489 - DMARC Policy |
| Weak DMARC Policy | DMARC policy is set to 'none', which only monitors without enforcing. | RFC 7489 - Policy Actions |
| Partial DMARC Enforcement | DMARC policy applies to less than 100% of emails. | RFC 7489 - Percentage Tag |
| No Aggregate Reports Configured | No aggregate report URI (rua) is configured. | RFC 7489 - Aggregate Reports |
| Subdomain Policy on Subdomain | The 'sp' tag is set on a subdomain DMARC record where it has no effect. | RFC 7489 - Subdomain Policy |
| Weak Subdomain Policy | Subdomain policy is weaker than the main domain policy, leaving subdomains less protected. | RFC 7489 - Subdomain Policy |
| Title | Description | Documentation |
|---|---|---|
| SPF Record Existence | No SPF record found for the domain. | RFC 7208 - Sender Policy Framework: SPF Records |
| Invalid Version Tag | The record does not start with 'v=spf1'. | RFC 7208 - SPF Records |
| Multiple SPF Records | Multiple SPF records were found for the domain. | RFC 7208 - Multiple DNS Records |
| DNS Lookup Limit | The SPF record requires more than 10 DNS lookups to resolve. | RFC 7208 - DNS Lookup Limits |
| Void DNS Lookup Limit | The SPF record triggered more than 2 void DNS lookups (lookups returning empty answers/NXDOMAIN). | RFC 7208 - DNS Lookup Limits |
| MX DNS Lookup Limit | The SPF record uses an 'mx' mechanism that contains more than 10 entries. | RFC 7208 - MX Mechanism |
| Missing 'all' or 'redirect' | The SPF record does not contain an 'all' mechanism or a 'redirect' modifier. | RFC 7208 - Default Result |
| Permissive 'all' Mechanism | The record ends with '+all' (pass all). | RFC 7208 - The 'all' Mechanism |
| Usage of 'ptr' Mechanism | The 'ptr' mechanism is used in the SPF record. | RFC 7208 - 'ptr' (do not use) |
| Syntax Error in Mechanism | One or more mechanisms in the SPF record contain syntax errors. | RFC 7208 - Mechanism Definitions |
| Unknown Modifier | The record contains an unknown modifier (not 'redirect' or 'exp'). | RFC 7208 - Modifier Definitions |
| Title | Description | Documentation |
|---|---|---|
| DKIM Public Key | No public key found in the DKIM record. | RFC 6376 - DKIM Key Representation |
| DKIM Key Length | RSA key is less than 1024 bits. | RFC 8301 - Cryptographic Algorithm Recommendations |
| DKIM Testing Mode | Testing mode flag (y) is set in the DKIM record. | RFC 6376 - Key Flags |
| DKIM Deprecated Hash Algorithm | The DKIM record only allows SHA-1 hash algorithm. | RFC 8301 - Cryptographic Algorithm Recommendations |