Domain DNS Health Check

Check all critical DNS records for a sending domain: MX, SPF, DMARC, DKIM presence, and BIMI. Quick deliverability pre-flight check.

Domain DNS Health Check: Verify All Email Records at Once

A properly configured email-sending domain requires at least four DNS records to work correctly: MX records for receiving replies, an SPF record authorizing senders, a DKIM record for signing, and a DMARC record for policy enforcement. This tool checks all of them simultaneously, giving you a complete picture of your domain's email DNS configuration in a single check.

The Gmail and Yahoo Bulk Sender Requirements that took effect in February 2024 changed the minimum DNS baseline. Sending more than 5,000 messages per day to either provider now requires SPF aligned with the From: domain, DKIM signing on every message, and a DMARC record with at least a p=none policy. Domains missing any of these get filtered to spam or rejected outright at Gmail and Yahoo; placement at other providers is degraded by association.

Critical Email DNS Records

RecordDNS NameRequired for
A Recordyourdomain.comWeb hosting, PTR verification
MX Recordsyourdomain.comReceiving email
SPF TXTyourdomain.comAuthorizing senders, anti-spoofing
DKIM TXTsel._domainkey.yourdomain.comEmail signing, required by Gmail/Yahoo
DMARC TXT_dmarc.yourdomain.comPolicy enforcement, required by Gmail/Yahoo
BIMI TXTdefault._bimi.yourdomain.comLogo in Gmail/Yahoo (optional)

Common configuration mistakes this tool catches

Three patterns surface repeatedly in production deployments. First, multiple SPF records on the same domain: RFC 7208 specifies a single SPF record per domain, but operators often add a second one when bringing on a new ESP without realising it. Receiving MTAs see this as PermError and fall through to fail.

Second, DMARC at p=none indefinitely. The intent of p=none is observation-only during initial deployment; moving to p=quarantine then p=reject is what produces real anti-spoofing value. EasyDMARC's 2026 adoption report found that only 7.6% of domains with DMARC records enforce p=reject, despite the policy being mandatory effective protection.

Third, missing PTR/reverse DNS that does not match the EHLO/HELO name. Gmail and Microsoft both check this consistency as part of their authentication scoring. The tool does not directly query PTR but the A record check reveals the forward record that PTR should match.