Free tool
SPF DKIM DMARC checker for cold email
Run the three core authentication checks together before a cold email campaign goes live: SPF, DKIM, and DMARC.
This checks SPF, DKIM, and DMARC for one domain. For a real launch verdict, run every domain, inbox, and tracking domain through the full QA pass.
Runs live in your browser via public DNS. Nothing is stored.
How to read the authentication result
A launch-ready sending domain needs one valid SPF record, a DKIM key for the selector your sending platform uses, and a DMARC record at _dmarc.yourdomain.com. This checker runs all three lookups together so you can spot missing records before an outbound campaign starts.
Treat warnings as launch risk, not trivia. A p=none DMARC policy may be acceptable during setup, and a DKIM CNAME can be valid, but both need a deliberate review before you send volume.
Where this fits in cold email QA
SPF, DKIM, and DMARC prove the domain is authenticated. They do not prove the inbox can receive replies, the tracking domain has valid SSL, the domain is clear of blacklists, or the full workspace is ready to launch.
For a single domain, use this as the authentication checkpoint. For a real launch, run the full OutboundQA pass across every sending domain, inbox, and tracking domain so the team has a verdict and a shareable report.
What this check does not catch
A passing SPF, DKIM, and DMARC lookup is useful, but it is not launch signoff. Cold email campaigns still fail when adjacent records, tracking domains, or inbox-level settings are broken.
Setup guides for this check
Read the setup notes behind this result, then verify the neighboring records before launch.
SPF for cold email
The exactly-one-record rule, the 10 DNS lookup limit, and the SPF mistakes that block a launch.
DKIM for cold email
Selectors, public keys in DNS, and DKIM setup for Google Workspace and Microsoft 365.
DMARC for cold email
Policies, alignment, rua reports, and the Gmail and Yahoo requirement that made DMARC mandatory.
Google and Yahoo bulk sender requirements
SPF, DKIM, DMARC, one-click unsubscribe, and the spam-rate thresholds bulk senders must meet.
Need to check a full outbound workspace?
OutboundQA checks every domain, inbox, and tracking domain in the workspace, then gives you a shareable report with a Ready, Needs Fix, or Do Not Launch verdict.
Cold email launch checks to run next
Use this result as one checkpoint in the launch flow. Then verify the neighboring records and run the combined domain check before the outbound launch goes live.
SPF Checker
Look up a domain's SPF record and count its DNS lookups against the limit of 10.
DMARC Checker
Look up a domain's DMARC record and read its policy in plain English.
DKIM Checker
Look up a domain's DKIM selector and confirm the public key exists.
MX Checker
Look up a domain's MX records and detect the mail provider.
Blacklist Checker
Check a domain and sampled mail server IPs against domain and email blocklists.
Reputation Checker
Check observable cold email reputation risks across age, blacklist, authentication, MX, and HTTPS signals.
Deliverability Checker
Check observable cold email infrastructure readiness across MX, SPF, DKIM, DMARC, blacklist, age, tracking-domain, and SMTP egress identity signals.
Domain Checker
Run MX, SPF, and DMARC in one pass for a quick readiness verdict on a sending domain.
Sample Launch QA Report
See the report founders, teams, and agencies can share after the full QA pass.
Email Deliverability Tool
See how one-off checks turn into pre-launch QA for full cold email workspaces.
Questions
It checks the three authentication records receivers use to decide whether mail is allowed, signed, and covered by a domain policy. SPF lists approved senders, DKIM verifies the message signature, and DMARC tells receivers what to do when authentication fails.
DKIM records are published under a selector, such as google, selector1, s1, or a provider-specific value. The selector has to match the platform that will send the campaign, so a real DKIM check needs both the domain and selector.
No. Passing authentication is necessary, but it is not full launch signoff. A full check also covers MX, tracking-domain SSL, blacklist status, domain age, inbox setup, and Google/Yahoo sender requirements across the workspace.
More free tools
SPF Checker
Look up a domain's SPF record and count its DNS lookups against the limit of 10.
DMARCDMARC Checker
Look up a domain's DMARC record and read its policy in plain English.
DKIMDKIM Checker
Look up a domain's DKIM selector and confirm the public key exists.
MXMX Checker
Look up a domain's MX records and detect the mail provider.
RBLBlacklist Checker
Check a domain and sampled mail server IPs against domain and email blocklists.
REPReputation Checker
Check observable cold email reputation risks across age, blacklist, authentication, MX, and HTTPS signals.
DELIVDeliverability Checker
Check observable cold email infrastructure readiness across MX, SPF, DKIM, DMARC, blacklist, age, tracking-domain, and SMTP egress identity signals.
QADomain Checker
Run MX, SPF, and DMARC in one pass for a quick readiness verdict on a sending domain.