Email Security Check

Analyze email security for a domain. Checks MX, SPF, DMARC and DKIM configuration.

What do we check?

MX records

MX (Mail Exchange) specifies which servers receive email for the domain. Without MX records, the domain cannot receive email.

SPF (Sender Policy Framework)

SPF defines which servers are authorized to send email on behalf of the domain. A good SPF record ends with -all (hard fail) or ~all (soft fail).

DMARC (Domain-based Message Authentication)

DMARC tells receiving servers what to do with email that fails SPF/DKIM checks. The policy can be none (report only), quarantine (deliver to spam), or reject (refuse the message).
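The SPF and DMARC checks described above can be reproduced on the raw TXT strings. The following is an added example, not the tool's own code; the status labels (ok, weak, bad, error) and the sample records are assumptions made for illustration and are not the tool's A–F scoring.

```python
def check_spf(txt_records):
    """Classify the SPF policy found among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing", "no v=spf1 record"
    if len(spf) > 1:
        # RFC 7208: more than one SPF record is a permanent error.
        return "error", "multiple v=spf1 records"
    terms = [t.lower() for t in spf[0].split()[1:]]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return "redirect", "policy comes from the redirect target"
        return "weak", "no 'all' mechanism"
    # A bare "all" has the default qualifier "+".
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    return {
        "-": ("ok", "-all (hard fail)"),
        "~": ("ok", "~all (soft fail)"),
        "?": ("weak", "?all (neutral)"),
        "+": ("bad", "+all authorizes every sender"),
    }[qualifier]


def check_dmarc(txt_records):
    """Classify the policy in TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(recs) != 1:
        return ("missing", "no v=DMARC1 record") if not recs else ("error", "multiple DMARC records")
    tags = dict(
        (k.strip().lower(), v.strip())
        for k, _, v in (part.partition("=") for part in recs[0].split(";"))
    )
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "error", "missing or invalid p= tag"
    if policy == "none":
        note = "" if "rua" in tags else ", no rua= address for reports"
        return "weak", "p=none (report only)" + note
    return "ok", "p=" + policy


if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    print(check_spf(["v=spf1 include:_spf.example.net ~all"]))
    print(check_dmarc(["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]))
```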

DKIM (DomainKeys Identified Mail)

DKIM digitally signs outgoing email so recipients can verify that the message hasn't been altered in transit and actually comes from the stated domain.

Scoring

We score the domain based on the presence and configuration of all four checks. A score of A means excellent email security, while F means critical configurations are missing.

How to use the email security check

The tool is easy to use. Follow these steps to analyze a domain's email security:

  1. Enter the domain — Type the domain name you want to check (e.g. example.com, without a www or mail prefix).
  2. Run the check — Click the button to start the analysis. The tool fetches MX, SPF, DMARC and DKIM records.
  3. Review the results — Go through each section. A green indicator means the configuration is correct; red or yellow indicates issues.
  4. Check the score — The overall score (A–F) gives a quick overview of how well the domain is protected against email fraud.
  5. Implement improvements — Use the report to fix gaps with your DNS or email provider.

Why is email security important?

Email remains one of the most used communication channels for businesses and individuals. Without proper security you're vulnerable to several threats:

  • Phishing — Scammers send email that appears to come from you or your business to steal passwords, payment info or sensitive data. SPF, DKIM and DMARC make it harder to spoof email.
  • Spoofing — Attackers can send email that appears to come from your domain without access to your server. A DMARC reject policy tells receiving servers to block such email.
  • Reputation — Email landing in spam damages trust in your domain. Good email security improves deliverability and protects your brand.
  • Deliverability — Missing SPF, DKIM or DMARC causes legitimate email to land in spam more often. Gmail, Outlook and other services prioritize signed and authenticated email.

How to improve email security

Here's a practical guide to strengthen your domain's email security:

  • Set up SPF — Add a TXT record that specifies which IP addresses and servers are authorized to send email for the domain. Use -all for hard fail.
  • Configure DKIM — Enable DKIM signing with your email provider (Google Workspace, Microsoft 365, etc.). They give you a public key to add in DNS as a TXT record.
  • Enable DMARC — Create a DMARC TXT record with policy p=none first to collect reports, then p=quarantine or p=reject when you're confident.
  • Monitor reports — DMARC sends reports about who sends email on behalf of your domain. Use these to detect unauthorized use and fine-tune configuration.
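DMARC aggregate reports arrive as XML in the layout defined by RFC 7489. The following added example (not the tool's own code) lists the source IPs whose mail failed both DKIM and SPF and counts how many messages an enforcing policy would act on; the sample report is constructed and uses documentation IP ranges.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report. Real reports come from third parties, so treat
# them as untrusted XML (a hardened parser such as defusedxml is an option).
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>42</count>
      <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.5</source_ip><count>8</count>
      <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>"""

def _rows(report_xml):
    """Yield (source_ip, message_count, dmarc_passed) for each report row."""
    for row in ET.fromstring(report_xml).iterfind("record/row"):
        results = [row.findtext("policy_evaluated/" + m, default="").strip().lower()
                   for m in ("dkim", "spf")]
        count = int(row.findtext("count", default="0"))
        # DMARC passes when either DKIM or SPF passes.
        yield row.findtext("source_ip", default="?").strip(), count, "pass" in results

def failing_sources(report_xml):
    """Source IPs whose mail failed both DKIM and SPF, largest volume first."""
    failures = Counter()
    for ip, count, passed in _rows(report_xml):
        if not passed:
            failures[ip] += count
    return failures.most_common()

def enforcement_impact(report_xml):
    """(failing, total) message counts: what p=quarantine or p=reject would act on."""
    rows = list(_rows(report_xml))
    return sum(c for _ip, c, ok in rows if not ok), sum(c for _ip, c, _ok in rows)
```

A failing source is either a legitimate sender missing from SPF/DKIM or unauthorized use of the domain; resolving each one before moving past p=none keeps legitimate mail from being quarantined or rejected.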

Email security for businesses

For businesses, email security isn't just good practice — it's part of data protection and information security requirements.

GDPR and data protection authorities require that personal data is processed securely. Email that is spoofed or falls into the wrong hands can lead to data breaches that must be reported. SPF, DKIM and DMARC reduce the risk of email being exploited for phishing or data leaks.

Many public and private organizations now require that vendors have good email security. Showing that your domain has correct SPF, DKIM and DMARC can be a requirement in tenders and contracts. Use the email security check to document that you meet the requirements.

Frequently asked questions about email security

What does it mean if SPF is missing?
Without SPF, anyone can send email that appears to come from your domain. Receiving servers have no way to verify the sender, and email can easily be used for phishing. SPF is the first step in email security.

Why does my email land in spam?
Missing or incorrect SPF, DKIM and DMARC are common causes. Email providers like Gmail and Outlook use these to evaluate whether email is legitimate. Without them, your email scores lower and lands in spam more often.

Can I have both SPF and DKIM?
Yes, you should have both. SPF says which servers can send, DKIM digitally signs messages. They complement each other. DMARC uses both to determine whether email should be accepted.

What's the difference between p=none, p=quarantine and p=reject?
p=none means recipients only report, but don't block. p=quarantine sends failed email to spam. p=reject rejects email that fails checks entirely. Start with p=none to monitor, then tighten.

How long does it take for DMARC changes to take effect?
DNS changes can take from minutes to 48 hours to propagate, depending on TTL. The DMARC policy applies as soon as receiving servers have fetched the updated record. To be safe, wait 24–48 hours and run the check again.

Do I need email security for a personal domain?
Even for small use cases or personal domains it's wise. A domain without SPF/DKIM/DMARC can easily be abused to send phishing on your behalf. Setup takes little time and protects both you and your recipients.
