Email DNS Checker — MX, SPF, DKIM & DMARC

MX, SPF, DKIM & DMARC for any domain — is its email locked down?

MX (mail servers)
SPF
DMARC
DKIM
Help us improve Was this tool useful? Tap a star. Thanks — your rating helps others find it.
Be the first to rate

How to check a domain's email DNS

Type a domain and press Check. You get its MX records (the mail servers, in priority order), its SPF record if it has one, its DMARC record and policy (none / quarantine / reject), and any DKIM keys found on the common selectors. Everything is read live from DNS.

This checks the four DNS records that govern a domain's email: MX (where mail is delivered), SPF (which servers may send as it), DKIM (its signing keys) and DMARC (what receivers should do with fakes). Enter a domain to see what is set — and what is missing.

Why these records matter

Without SPF and DMARC, anyone can send email that looks like it came from the domain — the classic phishing setup — and legitimate mail is more likely to land in spam. DMARC at p=reject with SPF and DKIM aligned is the gold standard. Missing records are a red flag whether you own the domain or are vetting a sender.

FAQ

It says DKIM "none detected" — is there really none?Not necessarily. DKIM keys live on a named selector (like google or selector1) and there is no way to list them all, so this probes the common ones. A blank result means none of those matched — the domain may still use a custom selector.
What is a good DMARC policy?p=reject is strongest (fakes are dropped), p=quarantine sends them to spam, p=none only monitors. Aim to reach p=reject once SPF and DKIM are solid.
No SPF or DMARC — is that bad?Yes — the domain's email can be spoofed and is more likely to be marked spam. Both are free DNS records worth adding.