DMARC Checker

Check DMARC, DKIM, and SPF Settings

What is DKIM?

DKIM (pronounced dee-kim) is a way to digitally sign emails, ensuring they are authorized by the owner of a specific domain and haven’t been tampered with during transit. Here’s how it works:

  • The email sender generates a cryptographic public/private key pair, signs the email with the private key, and shares the public key in the DNS records of their domain.
  • The recipient retrieves the public key from DNS and verifies the signature in the email’s headers to confirm the message’s integrity.

However, DKIM alone doesn’t stop scammers from spoofing an email’s From address and sending messages from unauthorized servers. For instance, a scammer could attach a valid DKIM signature for the domain spoofed-example.com to an email while using jane.doe@example.com as the From address. The email would still pass a DKIM check, because DKIM only verifies the signature against the signing domain’s key.

What is SPF?

SPF (pronounced as individual letters: S-P-F) ensures that the server sending an email is authorized to do so on behalf of the stated sender domain found in the email’s Return-Path header:

  • The owner of the domain publishes an SPF policy in the domain’s DNS records, specifying which IP addresses are allowed to send emails for that domain.
  • When an email is received, the recipient checks the sender domain’s DNS records to see if the sending server’s IP address matches one of the allowed IP addresses.

SPF verifies the domain from the email’s Return-Path (also known as MAIL FROM, Envelope From, or bounce address), which might not match the domain displayed in the From address visible in the email client. This means that, similar to DKIM, scammers can spoof the From address and still pass an SPF check.

What is DMARC?

DMARC (pronounced dee-mark) builds on DKIM and SPF to ensure that emails come from the specified domain in the From field and to set rules for handling those that don’t:

  • The domain owner publishes a DMARC DNS record, instructing receiving servers how to handle messages that fail SPF and DKIM checks.
  • When an email arrives, the recipient checks the DMARC record and verifies DKIM and SPF. If either passes and aligns with the From domain, DMARC passes. Otherwise, the message may be rejected or quarantined.
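
The DMARC decision described above, as an added example that is not the checker's own code. It takes the SPF and DKIM results as inputs rather than computing them; the function names are hypothetical, and the organizational-domain rule is a simplifying assumption noted in the comments.

```python
def parse_dmarc(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    # ASSUMPTION: the organizational domain is the last two labels. Real
    # receivers use the Public Suffix List (this shortcut is wrong for co.uk etc.).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match); 'r' = relaxed (same organizational domain)."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(record, from_domain, spf_pass, return_path_domain, dkim_pass, dkim_d):
    """Return (dmarc_result, policy_to_apply) for one message."""
    tags = parse_dmarc(record)
    # SPF counts only if it passed AND the Return-Path domain aligns with From.
    spf_ok = spf_pass and aligned(return_path_domain, from_domain, tags.get("aspf", "r"))
    # DKIM counts only if it verified AND the signing domain (d=) aligns with From.
    dkim_ok = dkim_pass and aligned(dkim_d, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", None
    return "fail", tags.get("p", "none")

# Constructed sample policy for example.com (not taken from a real domain).
RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r"

if __name__ == "__main__":
    # Constructed messages: (Return-Path domain, SPF pass?, DKIM d=, DKIM pass?)
    cases = {
        "spoofed From, SPF+DKIM valid for another domain":
            ("spoofed-example.com", True, "spoofed-example.com", True),
        "legitimate, SPF via bounce subdomain":
            ("bounce.example.com", True, "example.com", False),
        "legitimate, forwarded (SPF broken, DKIM intact)":
            ("forwarder.test", False, "example.com", True),
    }
    for name, (rp, spf, d, dkim) in cases.items():
        print(name, "->", evaluate(RECORD, "example.com", spf, rp, dkim, d))
```

The first case is the spoofing scenario from the DKIM and SPF sections: both checks pass on their own, yet DMARC fails because neither authenticated domain aligns with the From domain.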

Can I see a sample report?

Sure, here’s an example.

However, don’t hesitate to send an email. You’ll receive precisely one email containing a brief overview of the check results along with a link to the complete report. Your email address will be used solely for this purpose and will not be shared with any third parties.