What does this email security grader check?

This tool checks the SPF and DMARC records published for your domain and summarizes how strong those policies appear from a spoofing and deliverability perspective.

Yes. SPF, DKIM, and DMARC work best together as a modern email authentication stack.

Email Security Grader

Q: Why are my emails still going to spam?

Authentication is important, but inbox placement also depends on sender reputation, complaint rates, recipient engagement, sending patterns, and other filtering signals.

Instantly grade your domain’s SPF and DMARC setup, spot authentication gaps, and get clear next steps to improve deliverability and reduce spoofing risk.

Analyzing email authentication records...

Checks today

SPF and DMARC policy strength, rollout signals, and warnings

Helps with

Spoofing protection, email auth setup, and deliverability basics

Next step

Use TXT lookup or add DKIM checks later for a fuller audit

How SPF, DKIM, and DMARC work together

Think of email authentication as three layers. SPF says who is allowed to send, DKIM signs the message, and DMARC tells receivers how to handle failures and how to align authentication with your visible From domain.

📋

SPF

SPF publishes which services or IPs are allowed to send mail for a domain.

✍️

DKIM

DKIM adds a cryptographic signature so receivers can verify the message was signed by an approved domain.

🛡️

DMARC

DMARC adds policy and reporting on top of SPF and DKIM so you can monitor and enforce protection.

Common mistakes

A lot of domains publish records but still leave gaps. These are the mistakes that show up most often.

🚫

Multiple SPF records

A domain should publish one valid SPF record, not several separate ones.

🔥

Unsafe +all

A +all SPF policy is effectively no protection at all.

👀

DMARC stuck at p=none

Monitoring is useful, but domains often stay there too long and never move to enforcement.

📊

No DMARC reports

Without rua reporting, it is harder to see what is sending mail for your domain.

Why mail can still go to spam

Authentication is important, but it is only one part of inbox placement.

Sender reputation, complaint rates, list quality, sudden volume spikes, poor unsubscribe handling, and reverse DNS issues can all affect delivery even when your DNS records are present.

Also review these basics

• DKIM is enabled
• Sending IP has valid reverse DNS
• Marketing mail supports one-click unsubscribe
• SPF is not overloaded with lookups
• Your IP is not on major mail blacklists

Frequently Asked Questions

What does this grader check?

This grader checks the SPF and DMARC records published for your domain and summarizes how strong they appear from a spoofing and deliverability perspective.

Do I also need DKIM?

Yes. SPF, DKIM, and DMARC work best together as a modern authentication stack.

Why are my emails still going to spam?

Authentication helps, but inbox placement also depends on sender reputation, list quality, engagement, complaint rates, sending behavior, and reverse DNS.

What is a rua tag?

The rua tag tells receivers where to send DMARC aggregate reports so you can monitor who is sending mail for your domain.

Why does SPF size matter?

Large SPF records can become fragile because too many include and other DNS-query-causing mechanisms can push the record too far.