NetworkWhois - Free network diagnostic tools

Email Validator - Check SPF, DKIM, DMARC & MX Records

Validate your domain's email authentication by checking MX records, SPF, DKIM, and DMARC. Proper email authentication prevents spoofing, improves inbox placement, and protects your domain reputation from phishing. This validator produces a 0–100 score and actionable recommendations to improve deliverability and security.

Email Validator

Tip: You can validate subdomains too (e.g., mail.example.com). For DNS inspection use DNS Records Lookup.

How to use the email validator

  1. Enter your domain (avoid http:// or www).
  2. Run validation to check MX, SPF, DKIM, DMARC, and reverse DNS signals.
  3. Use the recommendations to fix weak policies (e.g., SPF ~all → -all, DMARC none/quarantine → reject).
  4. If you make DNS changes, confirm propagation using DNS Propagation Checker.

Understanding your score

Your score reflects both completeness and strength of authentication policies. A domain with records present but weak policies (like DMARC p=none) can still score lower than an enforced configuration.

What each record does

  • MX: where email for your domain should be delivered.
  • SPF: which servers are allowed to send mail for your domain.
  • DKIM: cryptographic signatures proving messages weren't modified.
  • DMARC: policy for failures + reporting visibility.

Common Questions

What does an email validator check?

This tool checks a domain’s email authentication and routing: MX records (mail routing), SPF (authorized senders), DKIM (cryptographic signatures), DMARC (policy + reporting), and reverse DNS signals.

Why do SPF, DKIM, and DMARC matter?

They prevent spoofing and improve deliverability. Without them, attackers can impersonate your domain and providers are more likely to mark your mail as spam.

Why does SPF pass but emails still go to spam?

Deliverability also depends on reputation, content, and engagement. A valid SPF record is necessary but not sufficient—DKIM/DMARC alignment and clean sending IP reputation matter too.

Do I need DMARC if I already have SPF and DKIM?

Yes. DMARC tells receivers what to do when authentication fails and enables reporting. It’s the enforcement layer that ties SPF/DKIM together.

What’s a good email configuration score?

In general, 90–100 is excellent, 75–89 is good, 60–74 needs improvement, and below 60 indicates missing or risky configuration that can hurt deliverability and security.

How long do DNS changes take to apply?

DNS propagation depends on TTL and caching. Changes can appear quickly but may take up to 24–48 hours globally. You can monitor propagation while waiting.

Related tools