DNS Security Checker
DNS security records (SPF, DKIM, DMARC) protect your domain from email spoofing and phishing attacks. Without DMARC enforcement, anyone can send email appearing to come from your domain. Without DNSSEC, DNS responses can be forged. These are critical for email deliverability and brand protection.
What it checks
- ✓DMARC record (email authentication policy)
- ✓SPF record (authorized mail senders)
- ✓DKIM setup
- ✓DNSSEC (DNS response signing)
- ✓CAA records (certificate authority authorization)
- ✓MTA-STS (SMTP security policy)
- ✓BIMI (Brand Indicators for Message Identification)
Why it matters
Missing DMARC allows phishing emails to appear from your domain. Domains without SPF/DMARC are used in business email compromise (BEC) attacks — the most costly cybercrime category. Google and Yahoo now require DMARC for bulk senders.
Common issues found
No DMARC recordDMARC policy set to p=none (monitoring only, no enforcement)Missing or misconfigured SPF recordSPF record exceeds 10 DNS lookupsNo DNSSEC
Enter a domain to check
Free, instant DNS Security check — no account required
Other free security checkers
SSL/TLSCheck SSL certificate validity, expiry date, cipher suites, and TLS version configuration.Security HeadersCheck for Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and other critical security headers.CORSDetect CORS misconfigurations that allow unauthorized cross-origin requests to your API.Cookie SecurityCheck session cookies for HttpOnly, Secure, SameSite flags and other security attributes.