Email Auth Checker

MX records tell the internet which servers receive a domain's email. SPF is a TXT record (starting v=spf1) listing the servers authorized to SEND email as the domain. DMARC is a TXT record at _dmarc.<domain> telling receivers what to do with mail that fails SPF/DKIM alignment — deliver it (p=none), send it to spam (p=quarantine), or reject it (p=reject).

Without DMARC, receiving mail servers have no instructions for handling mail that pretends to come from your domain, so spoofed phishing mail is often delivered anyway. You also get no aggregate reports, so you never learn who is abusing your domain. Every domain that sends email should publish at least p=none to start monitoring, then move to p=quarantine or p=reject.

The all mechanism ends an SPF record and sets the default verdict. +all means PASS for everyone — it authorizes every server on the internet to send mail as your domain, completely defeating SPF. Use ~all (soft fail) or -all (hard fail) instead. ?all (neutral) is also weak because it tells receivers to take no action.