Email Authentication Checker – SPF, DKIM & DMARC

Scan for Security, Stay for the Show

Our email authentication checker allows you to quickly verify SPF, DKIM, and DMARC records to help prevent spoofing and phishing attacks. Use our free tool to enhance your email deliverability and protect your organisation’s domain from impersonation.

Explained Without the Headache

SPF, DKIM and DMARC?

This short and light-hearted video explains how email authentication works, and why it is important for protecting your domain from spoofing, phishing and poor email delivery.

The Future of Email Security

Stay ahead of phishing threats and compliance changes with a look at the key developments shaping DMARC, authentication, and email trust over the coming months.

Jan 2023

Rise of Phishing-as-a-Service (PhaaS) - 'Off-the-shelf' phishing kits made spoofing easier, pushing more organisations to implement DMARC to protect their brand.

Sep 2023

Apple Mail Privacy Updates (iOS 17 / macOS Sonoma) - Apple further restricted tracking like email opens, making delivery and domain trust more important than ever.

Feb 2024

Gmail & Yahoo Enforce Authentication - Bulk senders must now use SPF, DKIM and DMARC. Poor authentication or high spam complaints can lead to emails being blocked.

Jun 2024

NCSC Tightens UK DMARC Guidance - The UK's National Cyber Security Centre began urging full DMARC enforcement, particularly across public sector domains.

Mar 2025

PCI DSS v4.0 Comes into Effect - The latest standard encourages DMARC as part of stronger anti-phishing controls for payment and cardholder data protection.

May 2025

Microsoft Increases DMARC Enforcement - Microsoft 365 and Exchange Online began stricter DMARC checks. Misconfigured or missing records may affect deliverability.

Late 2025

Wider Microsoft Enforcement of p=reject Policies - Microsoft is expected to expand policy-level DMARC enforcement across more tenants, prioritising p=reject domains and rejecting unauthenticated sources more aggressively.

2025 - 2026

ISO/IEC 27002 Alignment with Email Authentication - ISO 27002 revisions are likely to formally recognise email authentication methods like DMARC as part of recommended anti-phishing controls.

The Dream Team

The Bouncer

SPF

The Investigator

DKIM

The Don

DMARC

The Courier

MTA-STS

Frequently asked questions

What is DMARC and why do I need it?

DMARC (Domain-based Message Authentication, Reporting & Conformance) helps stop unauthorised use of your domain in phishing and spoofing attacks. It ensures only trusted senders can use your domain to send email.

What’s the difference between SPF, DKIM and DMARC?

SPF checks if an email comes from a server allowed by your domain. DKIM adds a digital signature to prove the message wasn’t altered. DMARC uses SPF and DKIM together to decide what to do with unauthenticated emails.

Can DMARC stop phishing attacks?

Yes! DMARC helps prevent attackers from sending fake emails using your domain, making it much harder for phishing emails to look legitimate.

Will DMARC help my emails avoid the junk folder?

Yes! A properly configured DMARC policy, along with SPF and DKIM, improves your domain’s reputation and email deliverability. Many inbox providers treat authenticated emails as more trustworthy, so they’re less likely to be marked as spam.

Why is my email domain vulnerable without DMARC?

Without DMARC, anyone can spoof your domain and send emails that appear to come from you, putting your reputation and customers at risk.

What happens if I publish a DMARC record?

Once set up, DMARC tells inbox providers how to handle suspicious emails. You’ll also receive reports showing who is sending mail on your behalf; so you can identify issues and tighten control.

Need help understanding your results?

If the results from the email authentication checker were unclear or you are unsure what to do next, we are here to help. Use the form to ask questions, get support, or speak to someone who can guide you through your report.