Free tool · Email auth checkerNo signup · runs in your browser

Is your email quietly
landing in spam?

Four DNS records decide whether your outreach reaches the inbox or the junk folder: SPF, DKIM, DMARC and MX. Check all four in seconds and get a plain-English read on what's working, what's risky, and what's actively costing you replies.

Check your domain

Runs entirely in your browser via Cloudflare's public DNS resolver. We never see or store the domains you check.

Plain English, no jargon

The four records, translated.

Email authentication sounds like sysadmin territory, but the ideas are simple. Think of your domain as a business address — these records are the guest list, the wax seal, the handling instructions and the letterbox.

SPFSender Policy Framework

The guest list

A single DNS record that lists every server allowed to send email as your domain. If a server isn't on the list, Gmail and Outlook know the mail is probably forged — and if you have no list at all, they assume the worst about everything you send.

DKIMDomainKeys Identified Mail

The wax seal

A cryptographic signature stamped on every email you send, verified against a public key in your DNS. It proves the message really came from you and wasn't tampered with in transit. Gmail and Yahoo effectively require it from anyone doing outreach.

DMARCDomain-based Message Authentication

The instructions

The policy that tells inbox providers what to do when a message fails SPF or DKIM: deliver it anyway, quarantine it, or reject it outright. Since 2024, Gmail and Yahoo require bulk senders to publish one. No DMARC means your domain is trivially spoofable.

MXMail Exchange

The letterbox

The records that say where email sent to your domain should be delivered. No MX means replies, bounces and unsubscribe requests go nowhere — a red flag for spam filters, and a problem under the AU Spam Act, which requires a working unsubscribe channel.

Why it matters

Broken authentication fails silently.

Your replies never happen

An unauthenticated cold email doesn't bounce — it silently lands in spam. You keep sending, the metrics look fine, and the replies just never come. Most senders discover the problem months and hundreds of leads too late.

Gmail & Yahoo now enforce it

Since February 2024, Gmail and Yahoo require SPF or DKIM from every sender and DMARC from bulk senders. This isn't best practice any more — it's the price of admission to the inbox your leads actually read.

Your domain gets impersonated

Without enforcement, anyone can send email as your business — invoices, phishing, the lot. Every forged message that lands burns the sender reputation your real outreach depends on.

This checker reads public DNS records only. DKIM lives at a selector name only the sender knows, so we test the ten most common ones — a custom selector can show as “not found” even when DKIM is set up. Treat results as a strong signal, not a legal or compliance ruling.

Fix the records once. Then go find someone to email.

Deliverability gets your email into the inbox — SalesM8 gives you the inboxes worth landing in: 275,000+ Australian businesses indexed from government data, with verified phone and email on the contactable ones, a built-in CRM and a calling cockpit.

  • Live today:AU lead finder, government tender leads, CRM & pipeline, calling cockpit, CSV export
  • Managed deliverability:SPF, DKIM & DMARC configured and monitored for you, automaticallyComing