Sendhiiv Start free

Free SPF, DKIM & DMARC Checker

Enter your domain to instantly test your email authentication records. We check SPF (including the 10-lookup limit), DKIM keys, and your DMARC policy — then tell you in plain English what to fix.

Know your DKIM selector? (optional) — we also auto-probe the 20 most common selectors.

No signup required. Results are read-only public DNS lookups.

What this tool checks

The short version: reliable inbox delivery needs three records working together — SPF, DKIM, and DMARC. Most "my emails go to spam" problems trace back to one of them being missing, misconfigured, or silently over a limit. This checker inspects all three plus your MX records and scores the result.

SPF — who is allowed to send

SPF is a TXT record listing the servers permitted to send mail for your domain. The catch most people miss: SPF allows a maximum of 10 DNS lookups. Every include: for a third-party sender counts, and once you cross 10, receivers return a permerror and treat SPF as failed — even though the record "looks fine." This tool counts your lookups recursively, the way a real mail server does.

DKIM — proof the message wasn't tampered with

DKIM adds a cryptographic signature to every message, published as a public key at selector._domainkey.yourdomain.com. The selector is chosen by your sending provider, so it isn't discoverable from DNS alone. We probe the 20 most common selectors automatically and let you enter your own if you know it.

DMARC — the policy that ties it together

DMARC tells receivers what to do when a message fails SPF and DKIM, and where to send reports. A record with p=none only monitors — it provides no spoofing protection. We flag your policy strength and whether you're collecting reports, and we catch the common case where a wildcard CNAME silently shadows your DMARC record.

Tired of fighting deliverability?

Sendhiiv runs on dedicated, monitored sending infrastructure — and walks you through SPF, DKIM and DMARC setup when you add a domain. Send your first emails free.

Create a free account

Frequently asked questions

What is the difference between SPF, DKIM and DMARC?

SPF lists which servers may send for your domain, DKIM signs your messages so receivers can verify they weren't altered, and DMARC ties the two together and tells receivers what to do on failure. You need all three for reliable inbox placement.

Why do my emails go to spam even though I have SPF?

SPF alone isn't enough. The usual causes are a missing or p=none DMARC policy, no DKIM signature, or an SPF record that quietly exceeds the 10-lookup limit. Checking all three together surfaces the real cause.

What is the SPF 10-lookup limit?

SPF permits at most 10 DNS lookups across include, a, mx, ptr, exists and redirect terms. Exceed it and receivers return a permerror and treat SPF as failed. Each third-party sender you add via include: brings you closer.

How do I find my DKIM selector?

It's set by your mail provider: Google uses google, Microsoft 365 uses selector1/selector2, Mailchimp uses k1, Amazon SES uses random tokens. This checker probes the common ones and accepts a custom selector.

What DMARC policy should I use?

Start at p=none with a rua reporting address to monitor safely. Once reports confirm your legitimate senders pass, move to p=quarantine, then p=reject for full protection.