app like that
Free DMARC/DKIM/SPF Checker
Free DMARC/DKIM/SPF Checker

Tool to check DMARC, DKIM, and SPF settings for email authentication. Sends a report to your email with a detailed analysis.

Features

DMARC Check

Allows you to check if your emails are correctly aligned with DMARC policies. Ensures that emails come from the specified domain in the 'From' field and sets rules for handling those that don’t.

DKIM Check

Verifies the digital signature on emails to ensure they are authorized by the owner of a specific domain and haven't been tampered with in transit. It involves cryptographic signing of the email.

SPF Check

Ensures that the server sending an email is authorized to do so on behalf of the stated sender domain, protecting against unauthorized email sources.

DKIM Validation

The DKIM signature for domains (e.g., dmarcchecker.app and messagingengine.com) is validated to ensure the authenticity of an email.

SPF Validation

Checks whether the sender has a valid SPF policy that allows specific hosts to send emails on behalf of the domain.

DMARC Check

Verifies that the DMARC policy is correctly set up and the domain has passed both DKIM and SPF validation.

Multiple DMARC TXT Records

Only one DMARC record should be published in DNS under _dmarc subdomain. Multiple records cause issues with policy checks.

Missing or Incorrect v=DMARC1 Version Tag

The version tag must be 'v=DMARC1', with no deviations in spelling or case, followed by a semicolon.

Incorrect Separators

Use semicolons (;) for tag separation, and commas (,) for separating email addresses in rua and ruf tags.

Invalid Email Address URIs

rua and ruf tags must have complete mailto URIs for email addresses like 'mailto:example@domain.com'.

Missing p Policy Tag

The p= tag is mandatory to define the DMARC policy, specifying actions for failed checks.

Duplicate Tags

Avoid multiple identical tags in a record, as it can cause conflicts and unpredictable DMARC behavior.

Empty Tags

Every tag must have a value; avoid having empty rua, ruf, or fo tags.

Misspelled Tag Names and Tag Values

Tags must follow DMARC specifications exactly. Common errors include using pto instead of pct.

Quotes Around the DMARC Record

Do not enclose the DMARC record in single or double quotes, as it renders it invalid.

Unexpected Characters in the Record

Avoid non-standard characters like tabs, line feeds, and carriage returns in DMARC records.

Multiple SPF TXT Records

SPF records must not have multiple TXT entries for the same domain. This should be merged into a single record, using mechanisms like 'v=spf1 include:...'.

Missing Spaces in the SPF Record

SPF records need proper spacing. Missing spaces can concatenate strings incorrectly leading to errors.

Spaces Where They Don't Belong

SPF entries should not have spaces between mechanisms and their values, as this can invalidate the record.

Unknown Mechanisms

Common, recognized mechanisms include ip4, ip6, mx. Typos and unknown mechanisms can cause errors.

SPF Record Doesn’t Start with v=spf1

Every SPF record must start with 'v=spf1'. Typos such as 'vspf1' lead to record errors.

Multiple TXT Records Merged into One

Different TXT records for different uses should not be merged to avoid validation issues.

Illegal Characters in the SPF Record

SPF records must have boundaries with spaces, and illegal characters can introduce errors.

Invalid Domain Names

Domains in SPF cannot include prefixes like 'https://'. The domain must be correctly formatted.

Invalid IP Addresses

Correctly formatted IP addresses are necessary. Errors occur with placeholders or incomplete IP addresses.

Missing Mechanism or Modifier Names

Each mechanism must have its own modifier. Combining different IP versions without separate mechanisms causes errors.

SPF Insights

Provides analysis of SPF records from the top 1M websites, highlighting the usage of SPF mechanisms, qualifiers, and modifiers.

DKIM Insights

Analyzes 476,617 DKIM records from the top domains, focusing on DKIM record status, key types, and key lengths.

DMARC Insights

Explores DMARC record analysis, including the usage of DMARC tags and policies among the top 1M domains.

SPF Record Maximum Length Explanation

Explains that the maximum length for an SPF record is 450 characters minus the length of the domain name and other TXT record values, following RFC 7208 guidelines.

UDP Message Size and DNS Resolution

Discusses the 512-byte limit for UDP response size and its impact on DNS resolution, highlighting that some DNS resolvers fail back to TCP for messages exceeding this size.

Practical Testing with DNS Tools

Shows how to use the 'dig' tool to determine current message size for a domain to assess SPF record length compliance.

Major Email Providers' SPF Handling Experiment

Describes an experiment to test how major email providers handle large SPF records, indicating varied results from providers like Gmail and Outlook.

SPF Record Optimization Techniques

Offers strategies to shorten SPF records, including using IP ranges, breaking records into smaller sections, and using SPF macros to streamline contents.