Check your domain's SPF, DKIM and DMARC records — the three DNS records that prove your mail is genuine and keep it out of spam. Optionally enter your DKIM selector.

Domain

DKIM selector (optional)

Build an SPF record. List every source allowed to send mail for your domain, then choose how strict to be.

Allow my MX servers (mx)

Allow my domain's A record (a)

Allowed IPv4 addresses / ranges (comma or space separated)

Third-party includes (e.g. _spf.google.com)

Policy for everything else

Your SPF record

Add as a TXT record on the root of your domain:

v=spf1 mx ~all

Build a DMARC record. Start with p=none to monitor, then tighten to quarantine/reject.

Policy (p)

Aggregate report address (rua)

Percentage (pct)

Subdomain policy (sp)

DKIM alignment (adkim)

SPF alignment (aspf)

Your DMARC record

Add as a TXT record at _dmarc.yourdomain.com:

v=DMARC1; p=none; pct=100; adkim=r; aspf=r

SPF, DKIM and DMARC explained

These three DNS records work together to prove your email is legitimate and stop spammers from forging your domain. Getting all three right is the single biggest factor in email deliverability.

SPF — (Sender Policy Framework) lists which servers are allowed to send mail for your domain.
DKIM — (DomainKeys Identified Mail) adds a cryptographic signature so receivers can verify the message wasn't altered and really came from you.
DMARC — tells receivers what to do when SPF or DKIM fails, and sends you reports on who is sending mail as your domain.

As of 2024, Google and Yahoo require bulk senders to have all three configured. Use the checker above to confirm your setup, and the generators to create correct records.

SPF, DKIM & DMARC Tool

Your SPF record

Your DMARC record

SPF, DKIM and DMARC explained