Domain authentication scanner

Check that your domain name is correctly configured for e-mail delivery.

Enter a domain to check DNS records.

Frequently Asked Questions

What is our Domain Security Scanner?

Domain Security Scanner is a comprehensive domain health diagnostic tool designed to help you identify all potential issues with your domain security infrastructure.

With a simple click of the “Scan Domain” button, you can quickly check your SPF, DKIM, DMARC, and BIMI records to see how your domain is configured.

It was made from the opensource project Domain Security Scanner

What is SPF?

SPF (Sender Policy Framework) is an email authentication protocol designed to prevent spammers from sending messages on behalf of your domain. It works by allowing domain owners to specify which mail servers are permitted to send email on their behalf. When an email is received, the recipient’s mail server checks the SPF record in the domain’s DNS settings to verify if the sending server is authorized. If the server is listed, the email is considered authentic; if not, it may be marked as spam or rejected.

What is DKIM?

DKIM (DomainKeys Identified Mail) is an email authentication method that allows the recipient to check if an email claiming to come from a specific domain was indeed authorized by the owner of that domain. It uses a pair of cryptographic keys: a private key to sign the email’s header and a public key published in the domain’s DNS records. When the recipient’s mail server receives the email, it retrieves the public key from the DNS records to verify the signature. If the signature matches, the email is considered legitimate and unchanged during transit; if not, it may be flagged as suspicious.

What is DMARC ?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds on SPF and DKIM to provide an additional layer of protection against email spoofing. It allows domain owners to specify how email receivers should handle messages that fail SPF or DKIM checks. DMARC policies can be set to monitor email traffic, quarantine suspicious emails, or reject them outright. Additionally, DMARC provides a reporting mechanism that enables domain owners to receive feedback on how their emails are being processed, helping them understand and improve their email authentication practices.

What is BIMI ?

BIMI (Brand Indicators for Message Identification) is an email specification that allows brand logos to be displayed alongside authenticated emails in the recipient’s inbox. It works in conjunction with DMARC to ensure that the email is legitimately sent by the brand. When an email passes DMARC authentication, the recipient’s email client checks the domain’s DNS records for a BIMI record, which includes the URL of the brand’s logo. If the logo is verified, it is displayed next to the email in the inbox, enhancing brand recognition and trust. This visual indicator helps recipients quickly identify legitimate emails from trusted brands.

Why Email Authentification is important ?

Implementing SPF, DKIM, and DMARC is essential for enhancing your email security and protecting your domain from malicious activities such as phishing and spoofing. These protocols work together to ensure that only authorized senders can use your domain, maintain the integrity of your emails, and provide clear policies for handling unauthorized messages. This not only protects your brand’s reputation but also builds trust with your recipients, ensuring that your communications are secure and reliable.

Email authentication is essantial for transactional email and newsletters too