What are MX, SPF, and DMARC records?

MX records tell the internet which servers receive a domain's email. SPF is a TXT record (starting v=spf1) listing the servers authorized to SEND email as the domain. DMARC is a TXT record at _dmarc. telling receivers what to do with mail that fails SPF/DKIM alignment — deliver it (p=none), send it to spam (p=quarantine), or reject it (p=reject).

Why is a missing DMARC record a problem?

Without DMARC, receiving mail servers have no instructions for handling mail that pretends to come from your domain, so spoofed phishing mail is often delivered anyway. You also get no aggregate reports, so you never learn who is abusing your domain. Every domain that sends email should publish at least p=none to start monitoring, then move to p=quarantine or p=reject.

What does +all mean in an SPF record?

The all mechanism ends an SPF record and sets the default verdict. +all means PASS for everyone — it authorizes every server on the internet to send mail as your domain, completely defeating SPF. Use ~all (soft fail) or -all (hard fail) instead. ?all (neutral) is also weak because it tells receivers to take no action.

邮件认证检测

检查任何域名的MX、SPF和DMARC配置

检查中...

以JSON获取此结果 → GET /api/email-auth?domain=google.com  ·  API文档

常见问题

什么是MX、SPF和DMARC记录？

MX记录告诉互联网哪些服务器接收该域名的邮件。SPF是一条以v=spf1开头的TXT记录，列出被授权以该域名身份发送邮件的服务器。DMARC是位于_dmarc.域名处的TXT记录，告诉接收方如何处理未通过SPF/DKIM对齐的邮件：照常投递（p=none）、进垃圾箱（p=quarantine）或直接拒收（p=reject）。

缺少DMARC记录有什么问题？

没有DMARC时，收件服务器对冒充您域名的邮件没有任何处理指令，伪造的钓鱼邮件往往照常投递。您也收不到汇总报告，永远不知道谁在滥用您的域名。每个发送邮件的域名都应至少发布p=none开始监控，然后逐步升级到p=quarantine或p=reject。

SPF记录中的+all是什么意思？

all机制位于SPF记录末尾，设定默认判定。+all表示对所有人都通过：它授权互联网上的每一台服务器以您的域名发信，完全废掉了SPF。应改用~all（软失败）或-all（硬失败）。?all（中立）同样很弱，因为它告诉接收方不采取任何行动。