Email Auth Validator

Validates the three email authentication standards — SPF, DMARC, and DKIM — for any domain. Use this when troubleshooting email delivery problems, setting up a new sending domain, or verifying that a recent DNS change took effect correctly.

How to validate a domain

1
Enter your domain
Type the sending domain (e.g. example.com). This should be the domain in the From: address of your emails.
2
Optionally add custom DKIM selectors
If you know your DKIM selector(s), enter them comma-separated in the Selectors field (e.g. google, s1, brevo). Leave blank to probe common selectors automatically.
3
Click Validate
Each section (SPF, DMARC, DKIM) will show a Pass, Warning, or Fail status with the raw record value and an explanation of any issues found.

Understanding the statuses

PassThe record is present and correctly configured with no known issues.

WarningThe record exists but has a configuration issue that may cause delivery problems — for example, SPF ~all (softfail) instead of -all (hardfail), or DMARC without a reporting address.

FailThe record is missing or invalid. Emails sent from this domain are likely to be rejected or land in spam at strict receivers.

What each protocol does

SPF — Sender Policy Framework. A TXT record that lists the servers allowed to send email on behalf of your domain. Receiving servers check this to detect forged senders.

DMARC — Domain-based Message Authentication, Reporting & Conformance. Tells receivers what to do when SPF or DKIM fails (none / quarantine / reject), and where to send reports.

DKIM — DomainKeys Identified Mail. A cryptographic signature added to outgoing emails, verified using a public key published in DNS. Proves the email was not tampered with in transit.

Try the Email Auth Validator →