How to Use the Domain Authentication Checker

Use the Domain Authentication Checker to verify the crucial email security mechanisms – SPF, DKIM, and DMARC – for any domain. This helps assess its email deliverability health and protection against spoofing.


How to Use the Checker

  1. Navigate to the Tool: Go to the Domain Authentication Checker page.
  2. Enter Domain Name: In the "Domain Name" field, enter the domain you want to check (e.g., example.com). Do not include `http://` or `www.`.
  3. Adjust Timeout (Optional): Set the maximum time (5-30 seconds, default 10) the tool should wait for DNS lookups to complete. Longer timeouts might be needed for complex DNS setups but increase wait time.
  4. Advanced Options (Optional):
    • Click the `Show advanced options` checkbox to reveal more settings.
    • Check DKIM records: (Checked by default) Uncheck if you only want to check SPF and DMARC.
    • Check DMARC policy: (Checked by default) Uncheck if you only want to check SPF and DKIM.
    • Perform deep scan: Check this to perform a more exhaustive search for DKIM selectors. This may take significantly longer but can find selectors not commonly used.
  5. Start Check: Click the button. A spinner will appear while the tool queries DNS records.

Understanding the Results

After the check completes, a results card appears with the following sections:
  • Overall Score & Summary:
    • A score from 0-100 is displayed in a colored circle (Green=Good, Yellow=Medium, Red=Poor) representing the overall authentication health.
    • A brief text summary of the findings is provided.
  • SPF (Sender Policy Framework) Section:
    • Summary: Explains if a valid SPF record was found and its status.
    • Record: Shows the actual SPF TXT record found in DNS (if any).
    • Badge: Indicates the status (Valid, Invalid Format, Missing).
    • What it is: SPF lists allowed mail servers for the domain.
  • DKIM (DomainKeys Identified Mail) Section:
    • Summary: Explains if DKIM seems configured.
    • Selectors: Lists any DKIM selectors found during the scan (these are part of the DNS record name, e.g., `selector1._domainkey`).
    • Badge: Indicates status (Configured, Missing).
    • What it is: DKIM adds a digital signature to emails to verify authenticity.
  • DMARC (Domain-based Message Authentication...) Section:
    • Summary: Explains the DMARC policy status.
    • Record: Shows the actual DMARC TXT record found (if any).
    • Badge: Indicates the configured policy and validity (Strict Policy (Reject), Quarantine, Monitoring Only (None), Invalid, Missing).
    • What it is: DMARC tells receivers how to handle emails failing SPF/DKIM and enables reporting.
  • Recommendations Section:
    • Provides specific, actionable advice based on the check results.
    • Recommendations are categorized by severity (CRITICAL, WARNING, INFO).
    • Includes examples of correct DNS record formats where applicable.
  • Email Authentication Guide Section:
    • A quick reference guide explaining SPF, DKIM, and DMARC with basic examples and tips.
  • Raw JSON Response Section:
    • A collapsible section showing the raw data returned by the backend API, useful for debugging or detailed analysis.

Tips for Improving Domain Authentication

  • Regularly check your own domain(s) to ensure records are correct and haven't expired or been misconfigured.
  • When implementing DMARC, always start with a monitoring policy (`p=none`) and use the reports (`rua=mailto:...`) to verify all legitimate sending sources are passing SPF/DKIM before moving to `p=quarantine` or `p=reject`.
  • Use the generated recommendations to work with your IT department, domain registrar, or DNS provider to update your DNS records.
  • The "Deep Scan" option can be useful if you suspect DKIM is set up but not being detected with standard selector names.
  • Properly configured SPF, DKIM, and DMARC (with an enforcement policy) significantly improve email deliverability and protect your domain's reputation.
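
The SPF and DMARC badge labels listed under "Understanding the Results", and the `p=none` plus `rua=` rollout tip above, can be reproduced offline against TXT record strings. This is an added example, not the checker's own code: the function names, the validity rules (taken from RFC 7208 and RFC 7489), and the sample records are assumptions constructed for illustration.

```python
import re

# Assumed rules based on RFC 7208 (SPF) and RFC 7489 (DMARC); not the checker's logic.
SPF_TERM = re.compile(
    r"^(?:[+\-~?]?(?:all|include:\S+|exists:\S+|ip4:\S+|ip6:\S+|ptr(?::\S+)?"
    r"|(?:a|mx)(?:[:/]\S+)?)|[a-z][a-z0-9_.-]*=\S*)$", re.I)
DMARC_VERSION = re.compile(r"^v=DMARC1\s*(?:;|$)")  # version tag is case-sensitive
DMARC_BADGES = {"reject": "Strict Policy (Reject)", "quarantine": "Quarantine",
                "none": "Monitoring Only (None)"}

def spf_badge(txt_records):
    """Badge for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return "Missing"
    if len(spf) > 1:  # more than one SPF record is a permanent error
        return "Invalid Format"
    terms = spf[0].split()[1:]
    return "Valid" if all(SPF_TERM.match(t) for t in terms) else "Invalid Format"

def dmarc_badge(txt_records):
    """Badge and notes for the TXT records published at _dmarc.<domain>."""
    recs = [r.strip() for r in txt_records if r.strip().lower().startswith("v=dmarc")]
    if not recs:
        return "Missing", []
    if len(recs) > 1 or not DMARC_VERSION.match(recs[0]):
        return "Invalid", []
    tags = {}
    for part in recs[0].split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            tags[key.strip().lower()] = value.strip()
    badge = DMARC_BADGES.get(tags.get("p", "").lower(), "Invalid")
    notes = []
    if badge == "Monitoring Only (None)" and "rua" not in tags:
        notes.append("p=none without rua= produces no reports to review")
    return badge, notes

if __name__ == "__main__":
    # Constructed sample records for example.com (not real DNS data).
    print(spf_badge(["v=spf1 include:_spf.example.net ~all"]))
    print(spf_badge(["v=spf1 include _spf.example.net -all"]))  # missing colon
    print(dmarc_badge(["v=DMARC1; p=none"]))
    print(dmarc_badge(["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]))
```

To run it against live data, pass in the TXT strings returned by your resolver for the domain and for `_dmarc.<domain>`.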