Principal IT Consultants

Free DMARC, SPF, and DKIM Scanner

Is Your Domain Protected? Find Out in 30 Seconds

Is Your Domain Protected From Email Spoofing?

Run a free 30-second domain scan. Our SPF DKIM DMARC checker reads your domain's DNS and shows what's there, what's missing, and what to fix.
Free · No account · Results in 30 seconds

Runs: SPF record checker · DKIM record checker · DMARC record checker

"I Found Out Our Email Was Missing Something"

Maybe your invoices keep landing in spam. Maybe a client got an email that looked like you, but wasn’t. Many owners only learn their email setup is missing SPF, DKIM, or DMARC after they’ve lost business or someone clicked a link they shouldn’t have.

SPF, DKIM, and DMARC fix that. Together, these DNS records prove your mail is real, stop others from sending on your behalf, and keep your email deliverability high. Without them, mail servers at Google, Microsoft, and Apple may flag or block what you send.

What Google, Yahoo, Microsoft, and Apple Now Require

Email providers changed the rules in 2024 and 2025. Domains that don’t meet the new standards are getting flagged, filtered, and blocked. Your emails may be landing in spam folders instead of inboxes, and you might not even know it.

This free guide explains what the major providers now require and what it means for your business. Created in partnership with EasyDMARC, the email security tool we use with our clients.

    • Why the rules changed
    • A plain guide to SPF, DKIM, and DMARC
    • Steps to enable email authentication
    • What it means for small and mid-sized businesses
2025 Email Security Requirements Guide - Principal IT Consultants

SPF, DKIM, and DMARC, Explained

Each protocol does one job. Together they protect your domain.
SPF

Sender Policy Framework, a TXT record in your domain's DNS that lists the mail servers allowed to send mail for you. Run the SPF record checker to confirm yours is correct.

DKIM

Sender Policy Framework, a TXT record in your domain's DNS that lists the mail servers allowed to send mail for you. Run the SPF record checker to confirm yours is correct.

DMARC

Domain-based Message Authentication, Reporting & Conformance builds on SPF and DKIM. Your DMARC record sets a policy; the default is **p=none** (monitor), then **p=quarantine** or **p=reject**. It sends DMARC XML reports to the mailto address you set, giving feedback and reporting on who sends on your behalf, the start of your DMARC journey toward full DKIM and DMARC enforcement.

How the Domain Scan Works

1. Enter your domain

Simply send us the address, no login, no session to set up. Works on a subdomain too.

2. We check the DNS

The tool reads your domain's DNS and validates SPF, DKIM, and DMARC for the user's domain.

3. You get a result

See what's missing, what's correct, and clear instructions to fix it.

Your Scan Is Done.
Here's What to Fix.

A scan shows the gaps. The next step is closing them, before someone spoofs your domain or your mail keeps hitting spam. 

We’ll set up SPF, DKIM, and DMARC the right way, enforce your DMARC policy, and watch your reports so your emails reach supported inboxes and no one sends on your behalf. Once DMARC is enforced, brand indicators can display your logo next to your mail in Gmail and other supported inboxes, a trust signal customers see.

Book a free security review. Bring your scan resultWe’ll advise what to fix first and how to secure your domain for good. No charge, no pressure. 

Prefer to talk now?

Call +1 540 596-5957

SPF, DKIM & DMARC FAQ

What does this DMARC record checker do?

It checks whether a DMARC record exists on your domain, reads the DMARC policy, and flags problems. It covers the SPF record and DKIM record in the same scan.

How do I read DMARC XML reports?

Reports arrive at the mailto address in your record. They show which mail servers send on your behalf, so you can spot spoofing, fix gaps, and keep enhancing email deliverability. This is your DMARC journey.

Is the SPF DKIM DMARC checker free?

DMARC guards against direct domain spoofing but not every phishing tactic, like cousin domain attacks or display name abuse. It’s part of a broader security approach.

My emails go to spam. Will this help?

Often, yes. Missing or wrong records are a common cause. Correct SPF, DKIM, and DMARC and your legitimate emails are more likely to reach the inbox, not spam. 

Who can send emails as my domain right now?

Until DMARC is enforced, more senders may have access than you think. The scan and your reports show who’s sending on your behalf so you can verify each one. 

Disclaimer: This free tool reads public DNS records and gives general guidance on SPF, DKIM, and DMARC. Results depend on your DNS at scan time and are not a guarantee of email security or delivery. Validate any changes before you apply them and follow your provider’s instructions. Principal IT Consultants is not liable for losses from acting on these results. For full setup, contact our team.