Email Authentication Checker — DMARC, SPF & DKIM
See how DMARC, SPF, and DKIM work together. Check all three and learn which to fix first.
Check your email authentication
Use our dedicated checkers to validate each record. Each tool explains how to read results and fix common errors.
- DMARC checker — validate your DMARC record, policy, and reporting.
- SPF checker — test your SPF record and lookup chain.
- DKIM checker — verify your DKIM TXT record by domain and selector.
What we check
- •How SPF, DKIM, and DMARC work together
- •Links to dedicated DMARC, SPF, and DKIM checkers
- •Which to fix first (SPF/DKIM then DMARC)
How it works
- Use the dedicated checkers for each: DMARC checker, SPF checker, DKIM checker.
- Fix SPF and DKIM first so your mail passes authentication.
- Then add or tighten DMARC so receivers know what to do with failures.
FAQ
Which one should I fix first?
Fix SPF and DKIM first so your legitimate email authenticates. Then add or update DMARC so receivers know how to handle messages that fail. Starting with DMARC alone can cause rejections if SPF/DKIM aren’t set up yet.
Do I need all three?
For good deliverability and spoofing protection, yes. SPF and DKIM prove your mail is authorized; DMARC tells receivers what to do when it’s not and gives you reporting.
Where do I check each record?
Use our DMARC checker, SPF checker, and DKIM checker pages. Each tool validates one record type and explains how to read results and fix common errors.
What if my domain has no DMARC record?
Receivers may still accept mail using SPF/DKIM, but you have no policy or reporting. Add a DMARC record (start with policy none and rua reporting) then tighten over time.