Janitor
Start your free trial Start free
FeaturesHow it worksReportsPricing Log in Start your free trial

DNS and email

SPF, DKIM and DMARC checker

Look up the email authentication records on a domain.

Example SPF, DKIM and DMARC checker result

What this checks

SPF, DKIM and DMARC are DNS records that prove an email really came from the domain it claims to. Together they decide whether a message lands in the inbox, the spam folder or nowhere.

This tool looks up the records straight from DNS in your browser using DNS-over-HTTPS, so there is nothing to install and no server in the middle.

Why it matters

Without these records, a client newsletters and transactional emails are more likely to be filtered as spam, and the domain is easier to spoof.

Mail providers have tightened the rules, so a missing or broken DMARC policy now actively hurts deliverability.

How to fix common failures

1

Publish an SPF record

List the services allowed to send for the domain, ending in -all or ~all. Keep it to one SPF record.

2

Set up DKIM

Add the signing key your mail provider gives you, so messages are cryptographically signed.

3

Add a DMARC policy

Start with p=none to monitor, then move to quarantine or reject once SPF and DKIM align.

SPF, DKIM and DMARC checker is one check. Janitor watches email deliverability (SPF, DKIM, DMARC) automatically across every client site and puts it in a branded report.

Start your free trial

Keep reading

Related

DNS lookup

Open →

Every check Janitor runs

Open →

See a sample report

Open →

FAQ

SPF, DKIM and DMARC checker FAQ

How does this look up the records?

It queries public DNS directly from your browser using DNS-over-HTTPS. Nothing is sent to our servers, and there is no sign-up.

Why can the tool not find my DKIM record?

DKIM records live at a selector you choose, like selector1._domainkey.example.com. The tool checks common selectors, but if yours is custom you may need to look it up by name with your mail provider.

Can I monitor email authentication over time?

Yes. Janitor checks SPF, DKIM and DMARC health on every client site and alerts you if a record changes or breaks.

Get started

Check it once, or watch it for every client

Janitor runs around two dozen checks on every site you manage and turns them into a branded report.

Start your free trial All free tools

30-day free trial. No credit card required.