Audit your SPF, DKIM, DMARC, and MX records in seconds
Domain Health Check
Check Your Domain Health
Instantly audit your SPF, DKIM, DMARC, and MX records. Get a health score and actionable insights - no signup required.
Explore more free deliverability tools
View All Free ToolsEnter your domain
Getting Started
How to Use This Tool
Enter Your Domain
Type your domain name (e.g., example.com) into the input field. Do not include "http://" or "www" — just the bare domain.
Click "Check Health"
Hit the check button and the tool will query your domain's DNS records in real time. The analysis typically completes in a few seconds.
Review Your Results
You will see a health score along with pass, warning, or fail indicators for each record type — SPF, DKIM, DMARC, and MX. Each result includes a brief explanation of what was found and what to fix.
Understanding Results
How to Interpret Your Results
Pass
The record exists, is syntactically valid, and follows best practices. No action is required.
Warning
The record exists but has room for improvement. For example, a DMARC policy of "none" is technically valid but provides no enforcement against spoofing. Warnings should be addressed when possible but are not critical failures.
Fail
The record is either missing entirely or contains errors that will negatively impact your deliverability. Failed records should be fixed as soon as possible.
Overall Health Score
Your overall health score is a weighted aggregate of all four checks. A higher score means better alignment with email authentication best practices, which directly influences whether your emails reach the inbox or land in spam.
Learn More
What is Email Authentication?
Email authentication is a set of protocols that verify the identity of an email sender and confirm that a message has not been tampered with during transit. The three primary authentication standards are SPF, DKIM, and DMARC, and together they form the foundation of modern email deliverability.
SPF (Sender Policy Framework) allows domain owners to specify which mail servers are authorized to send email on their behalf. When a receiving server gets an email, it checks the sender's SPF record in DNS to verify the sending server is permitted. Without a valid SPF record, your emails are more likely to be flagged as suspicious or rejected outright.
DKIM (DomainKeys Identified Mail) adds a digital signature to outgoing emails. The receiving server uses a public key published in your DNS to verify the signature, confirming the message was sent by an authorized server and was not altered in transit. DKIM provides cryptographic proof of authenticity that mailbox providers rely on heavily.
DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together by telling receiving servers what to do when an email fails authentication — whether to deliver it, quarantine it, or reject it entirely. DMARC also provides a reporting mechanism so domain owners can monitor who is sending email using their domain.
Mailbox providers like Gmail, Outlook, and Yahoo use these protocols to decide whether to deliver email to the inbox, route it to spam, or block it entirely. Google and Yahoo now require bulk senders to have all three protocols properly configured. Without proper authentication, even legitimate marketing emails may never reach their intended recipients, damaging engagement rates and sender reputation over time.
MX (Mail Exchange) records are equally important — they tell the internet which servers handle incoming email for your domain. Misconfigured or missing MX records can prevent you from receiving replies, bounce notifications, and important feedback loops that inform your sending practices.
Common Questions
Frequently Asked Questions
What does a domain health check test?
A domain health check tests your email authentication records including SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), DMARC (Domain-based Message Authentication, Reporting & Conformance), and MX (Mail Exchange) records. It verifies that each record is properly configured, syntactically valid, and aligned with best practices to maximize your email deliverability.
What is a good domain health score?
A score of 80 or above generally indicates a well-configured domain. A perfect score of 100 means all your authentication records - SPF, DKIM, DMARC, and MX - are properly set up and following best practices. Scores between 60 and 80 suggest there are warnings that should be addressed. Anything below 60 indicates critical misconfigurations that are likely hurting your email deliverability.
Why is my DMARC showing as "warning"?
A DMARC warning typically means your DMARC record exists but uses a permissive policy like p=none, which monitors authentication failures without taking action on them. While p=none is a good starting point for monitoring, upgrading to p=quarantine or p=reject provides stronger protection against email spoofing. A warning may also appear if your DMARC record is missing the rua tag for aggregate reporting.
How often should I check my domain health?
You should check your domain health at least once a month and whenever you make changes to your DNS records, switch email service providers, or notice deliverability issues. Regular monitoring helps catch misconfigurations early before they impact your sender reputation. If you send high volumes of email, weekly checks are recommended.
What should I do if my SPF record is missing?
If your SPF record is missing, you need to create a TXT record in your domain's DNS settings. Start by identifying all the services that send email on your behalf (your email provider, marketing tools, CRM, etc.), then build an SPF record that includes all of them. You can use our free SPF Record Generator tool to create a valid record. Once published, it may take up to 48 hours for DNS changes to propagate.
Explore More
Related Tools
Get started in under 60 seconds
Stop guessing.
Start reaching the inbox.
Join email teams who use OptiMail to monitor, diagnose, and fix deliverability, powered by AI. 14-day free trial included. No credit card required.