SPF, DKIM & DMARC checker
Enter a domain and the tool verifies the three DNS records that decide whether your e-mail lands in the inbox or in spam — with an actionable recommendation for every finding.
Find the DKIM selector in your sending service docs — common values: default, mail, k1, google, selector1.
Why these three records decide deliverability
SPF lists the servers allowed to send as your domain; DKIM signs each message; DMARC tells receivers what to do when checks fail. Gmail, Outlook and others now routinely junk or reject mail without them — especially for bulk senders.
How to fix what the tool finds
All three are TXT records in your domain’s DNS — your mail provider supplies the values and you paste them into DNS management. With VEDOS hosting, mailboxes and DNS live in one place (mailhosting is included free), so fixes take minutes.
Frequently asked questions
How do I find my DKIM selector?
In the docs of whatever sends your mail (mailhosting, Google Workspace, a newsletter tool). Common values: default, mail, k1, google, selector1. You can also see it in a sent message’s DKIM-Signature header (s=...).
Which is better: ~all or -all?
-all (hard fail) means “reject everything else”, ~all (soft fail) means “treat everything else as suspicious”. Start with ~all; move to -all once you are sure every sending service is in your SPF.
Why do I need DMARC if I have SPF and DKIM?
On their own, SPF and DKIM don’t tell receivers what to do on failure and don’t protect the visible From address from spoofing. DMARC ties both together, enforces a policy and sends you abuse reports.