Check all critical DNS records for a sending domain: MX, SPF, DMARC, DKIM presence, and BIMI. Quick deliverability pre-flight check.
Domain DNS Health Check: Verify All Email Records at Once
A properly configured email-sending domain requires at least four DNS records to work correctly: MX records for receiving replies, an SPF record authorizing senders, a DKIM record for signing, and a DMARC record for policy enforcement. This tool checks all of them simultaneously, giving you a complete picture of your domain's email DNS configuration in a single check.
The Gmail and Yahoo Bulk Sender Requirements that took effect in February 2024 changed the minimum DNS baseline. Sending more than 5,000 messages per day to either provider now requires SPF aligned with the From: domain, DKIM signing on every message, and a DMARC record with at least a p=none policy. Domains missing any of these get filtered to spam or rejected outright at Gmail and Yahoo; placement at other providers is degraded by association.
Critical Email DNS Records
| Record | DNS Name | Required for |
|---|---|---|
| A Record | yourdomain.com | Web hosting, PTR verification |
| MX Records | yourdomain.com | Receiving email |
| SPF TXT | yourdomain.com | Authorizing senders, anti-spoofing |
| DKIM TXT | sel._domainkey.yourdomain.com | Email signing, required by Gmail/Yahoo |
| DMARC TXT | _dmarc.yourdomain.com | Policy enforcement, required by Gmail/Yahoo |
| BIMI TXT | default._bimi.yourdomain.com | Logo in Gmail/Yahoo (optional) |
Common configuration mistakes this tool catches
Three patterns surface repeatedly in production deployments. First, multiple SPF records on the same domain: RFC 7208 specifies a single SPF record per domain, but operators often add a second one when bringing on a new ESP without realising it. Receiving MTAs see this as PermError and fall through to fail.
Second, DMARC at p=none indefinitely. The intent of p=none is observation-only during initial deployment; moving to p=quarantine then p=reject is what produces real anti-spoofing value. EasyDMARC's 2026 adoption report found that only 7.6% of domains with DMARC records enforce p=reject, despite the policy being mandatory effective protection.
Third, missing PTR/reverse DNS that does not match the EHLO/HELO name. Gmail and Microsoft both check this consistency as part of their authentication scoring. The tool does not directly query PTR but the A record check reveals the forward record that PTR should match.