check if your domain's email authentication is set up correctly. scan SPF, DKIM, and DMARC records and get a letter grade.
Enter a domain and get a health check on its email configuration: SPF, DKIM, DMARC records, and MX server setup. Identifies the most common deliverability problems before your email starts going to spam.
A DNS TXT record listing the servers authorized to send email on behalf of your domain. When a receiving mail server gets a message claiming to be from you@example.com, it checks the sending IP against the SPF record for example.com. If the IP is not in the list, the message is suspicious.
A typical SPF record looks like:
v=spf1 include:_spf.google.com include:sendgrid.net ~allThe ~allat the end is “soft fail” — anything not on the list is suspicious but not auto-rejected. -allwould be “hard fail.” Most teams use ~all to avoid bouncing legitimate edge cases.
A cryptographic signature attached to every outbound email from your domain. The receiving server fetches your public key from DNS and verifies the signature matches. A valid DKIM signature proves the message was actually sent by someone in possession of your private key — not a spoofer.
DKIM keys are configured per-sending-service. Gmail Workspace, SendGrid, Mailgun, Resend, Postmark — each gives you a DKIM key to publish in DNS. If you send through three services, you publish three DKIM records.
A policy that tells receiving servers what to do with mail that fails SPF or DKIM. A typical DMARC record:
v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100p=none — observe but do nothing. The starting point for any new DMARC deployment.p=quarantine — failed mail goes to spam.p=reject — failed mail is bounced outright. The strongest setting; only safe once SPF and DKIM are reliably passing for all legitimate sources.The rua tag tells the receiving server where to send aggregate failure reports. Pointing this at an inbox you actually read is how you catch misconfigurations before they cost you deliverability.
When standing up email for a new domain:
p=none and a working rua address. Watch the reports for a few weeks.p=quarantine, then to p=reject if you want maximum spoofing protection.Why your transactional email lands in spam
Given a domain, the tool queries DNS for SPF, DKIM selectors at common locations, DMARC, and MX records, and reports any that are missing, malformed, or potentially misconfigured. The check is read-only and consults public DNS records — your domain's mail does not change as a result of running it.
Enter a domain and get a health check on its email configuration: SPF, DKIM, DMARC records, and MX server setup. Identifies the most common deliverability problems before your email starts going to spam.
A DNS TXT record listing the servers authorized to send email on behalf of your domain. When a receiving mail server gets a message claiming to be from you@example.com, it checks the sending IP against the SPF record for example.com. If the IP is not in the list, the message is suspicious.
A typical SPF record looks like:
v=spf1 include:_spf.google.com include:sendgrid.net ~allThe ~allat the end is “soft fail” — anything not on the list is suspicious but not auto-rejected. -allwould be “hard fail.” Most teams use ~all to avoid bouncing legitimate edge cases.
A cryptographic signature attached to every outbound email from your domain. The receiving server fetches your public key from DNS and verifies the signature matches. A valid DKIM signature proves the message was actually sent by someone in possession of your private key — not a spoofer.
DKIM keys are configured per-sending-service. Gmail Workspace, SendGrid, Mailgun, Resend, Postmark — each gives you a DKIM key to publish in DNS. If you send through three services, you publish three DKIM records.
A policy that tells receiving servers what to do with mail that fails SPF or DKIM. A typical DMARC record:
v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100p=none — observe but do nothing. The starting point for any new DMARC deployment.p=quarantine — failed mail goes to spam.p=reject — failed mail is bounced outright. The strongest setting; only safe once SPF and DKIM are reliably passing for all legitimate sources.The rua tag tells the receiving server where to send aggregate failure reports. Pointing this at an inbox you actually read is how you catch misconfigurations before they cost you deliverability.
When standing up email for a new domain:
p=none and a working rua address. Watch the reports for a few weeks.p=quarantine, then to p=reject if you want maximum spoofing protection.Why your transactional email lands in spam
Given a domain, the tool queries DNS for SPF, DKIM selectors at common locations, DMARC, and MX records, and reports any that are missing, malformed, or potentially misconfigured. The check is read-only and consults public DNS records — your domain's mail does not change as a result of running it.
PDF utilities, image tools, developer helpers — all free, no signup.
Convert multiple images into a single PDF document.
Split a PDF into individual pages or custom ranges.
Pick colors, generate harmonious palettes, and export as HEX, RGB, or HSL.
Generate strong, random passwords with customizable length and character sets.
Count words, characters, sentences, paragraphs, and reading time in real-time.
Generate lorem ipsum placeholder text by paragraphs, sentences, or words.