Email Tools

Check MX records, SPF, DMARC, and DKIM configuration for any domain.

Command Line

$ curl https://dnsx.dev/dns/mx/gmail.com

$ curl https://dnsx.dev/spf/gmail.com

$ curl https://dnsx.dev/dmarc/gmail.com

Understanding Email Authentication

Email authentication is a set of protocols designed to verify that an email message actually comes from the domain it claims to be from. Without authentication, anyone can forge the "From" address in an email, making phishing and spoofing attacks trivially easy. The three pillars of email authentication -- SPF, DKIM, and DMARC -- work together to protect your domain's reputation and your recipients' inboxes.

Our email configuration checker analyzes all three components of your domain's email setup: MX records that define which servers handle incoming mail, SPF records that authorize outbound sending servers, and DMARC policies that instruct receivers how to handle authentication failures. Together, these provide a comprehensive view of your domain's email deliverability posture and help identify configuration issues that could cause emails to be rejected or marked as spam.

Email Authentication Concepts

SPF (Sender Policy Framework)

A DNS TXT record that lists IP addresses and domains authorized to send email for your domain. Receiving servers check SPF to verify the sending server is permitted, helping prevent spoofing.

DKIM (DomainKeys Identified Mail)

Adds a cryptographic signature to outgoing emails. The public key is published in DNS, allowing receivers to verify the message wasn't altered in transit and was sent by an authorized server.

DMARC Policy

Tells receiving servers what to do when SPF and DKIM checks fail: "none" (report only), "quarantine" (spam folder), or "reject" (block). Also configures aggregate and forensic reporting.

MX Records

DNS records specifying which mail servers accept email for your domain. Priority values determine the order servers are tried -- lower numbers are tried first, with higher numbers as fallbacks.

Email Deliverability

The ability of your emails to reach recipients' inboxes. Affected by authentication (SPF, DKIM, DMARC), sender reputation, content quality, IP blocklists, and consistent sending patterns.

SPF Lookup Limit

SPF records are limited to 10 DNS lookups during evaluation. Exceeding this limit causes a "permerror" result, which can lead to email delivery failures. Use "ip4" and "ip6" mechanisms to reduce lookups.

Frequently Asked Questions

What is SPF?▼

SPF (Sender Policy Framework) is an email authentication protocol that allows domain owners to specify which mail servers are authorized to send email on behalf of their domain. It works by publishing a DNS TXT record that lists approved IP addresses and hostnames. When a receiving mail server gets an email, it checks the SPF record to verify the sending server is authorized. SPF helps prevent email spoofing and phishing by rejecting emails from unauthorized sources.

What is DMARC?▼

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that builds on SPF and DKIM. It allows domain owners to publish a policy specifying how receiving servers should handle emails that fail authentication checks. DMARC policies include "none" (monitor only), "quarantine" (send to spam), and "reject" (block entirely). DMARC also provides reporting so domain owners can see who is sending email using their domain.

How do MX records work?▼

MX (Mail Exchange) records are DNS records that specify which mail servers accept email for a domain. Each MX record has a priority value (lower numbers = higher priority) and a hostname pointing to the mail server. When someone sends an email to your domain, the sending server queries your MX records, then attempts delivery to the highest-priority server first. If that server is unavailable, it falls back to lower-priority servers, providing redundancy for email delivery.

What does DMARC policy "reject" vs "quarantine" mean?▼

A DMARC policy of "reject" instructs receiving mail servers to completely block emails that fail both SPF and DKIM authentication -- these emails are never delivered. A "quarantine" policy tells receivers to accept the email but treat it as suspicious, typically placing it in the spam or junk folder. The "none" policy takes no action but still generates reports. Organizations typically start with "none" for monitoring, move to "quarantine" for testing, and finally adopt "reject" for maximum protection against spoofing.

How do I improve email deliverability?▼

To improve email deliverability: (1) Set up SPF records listing all authorized sending servers, (2) Configure DKIM to digitally sign outgoing emails, (3) Publish a DMARC policy starting with "none" and gradually moving to "reject", (4) Ensure your mail server IP isn't on blocklists, (5) Use proper MX records with redundant mail servers, (6) Maintain consistent sending patterns and volumes, and (7) Set up reverse DNS (PTR records) for your mail server IPs. Our email checker tool can verify your SPF, DMARC, and MX configuration.