Security · Email Authentication

Email Security Checker

Enter a domain and this checks its email-authentication posture — SPF, DKIM, DMARC, MX, and MTA-STS — straight from public DNS. You get a graded breakdown of every record, what's wrong, and exactly what to change. Email spoofing is one of the most common attacks, and most domains are quietly misconfigured.

→ OSI Connection Probe → Security Headers Analyzer → CIA Triad Reference

Read-only DNS lookups over DNS-over-HTTPS. The DKIM selector is optional — common ones are tried automatically.

No domain checked yet. Enter one above to grade its email-authentication setup.

How this works: every check is a public DNS lookup performed in your browser over DNS-over-HTTPS (Cloudflare, with Google as a fallback) — the same records any mail server reads to decide whether to trust a message. Nothing is sent to a server of mine and nothing is stored. DKIM is published under a per-domain selector that can't be enumerated from DNS; the tool tries a list of common selectors and you can supply your own. A "no DKIM found" result means none of the common selectors matched — not necessarily that DKIM is absent.