Publish an SPF record
List the services allowed to send for the domain, ending in -all or ~all. Keep it to one SPF record.
Look up the email authentication records on a domain.
Your result
What this checks
SPF, DKIM and DMARC are DNS records that prove an email really came from the domain it claims to. Together they decide whether a message lands in the inbox, the spam folder or nowhere.
This tool looks up the records straight from DNS in your browser using DNS-over-HTTPS, so there is nothing to install and no server in the middle.
Why it matters
Without these records, a client newsletters and transactional emails are more likely to be filtered as spam, and the domain is easier to spoof.
Mail providers have tightened the rules, so a missing or broken DMARC policy now actively hurts deliverability.
How to fix it
List the services allowed to send for the domain, ending in -all or ~all. Keep it to one SPF record.
Add the signing key your mail provider gives you, so messages are cryptographically signed.
Start with p=none to monitor, then move to quarantine or reject once SPF and DKIM align.
Janitor watches email deliverability (SPF, DKIM, DMARC) automatically across every client site and puts it in a branded report you can send.
Keep reading
FAQ
It queries public DNS directly from your browser using DNS-over-HTTPS. Nothing is sent to our servers, and there is no sign-up.
DKIM records live at a selector you choose, like selector1._domainkey.example.com. The tool checks common selectors, but if yours is custom you may need to look it up by name with your mail provider.
Yes. Janitor checks SPF, DKIM and DMARC health on every client site and alerts you if a record changes or breaks.
Get started
Janitor runs around two dozen checks on every site you manage and turns them into a branded report.
30-day free trial. No credit card required.