RSS

Show HN: Domain DMARC Checker

c0nrad1 pts0 comments

Domain Check Tool | DMARC Defender

Domain Check Tool<br>Check your domain for DMARC, SPF, MX, DKIM, BIMI, TLS-RPT, MTA-STS, and other email security records.<br>Domain<br>Check Domain

How It Works<br>Domain Scan<br>The tool queries public DNS servers then parses the relevant email authentication records. The results are then fed into a policy engine that highlights broken syntax, weak policy, and missing protections.<br>Public DNS lookup The checker reads the public DNS records that mailbox providers can see for the domain.<br>Authentication analysis DMARC, SPF, DKIM, BIMI, TLS-RPT, and MTA-STS records are evaluated for syntax, coverage, and policy quality.<br>Actionable issues The results highlight missing protections, risky settings, and misconfigurations that affect deliverability and spoofing resistance.

Issue Detection<br>What issues does it catch?<br>The checker looks for the failures that usually block DMARC enforcement, reduce deliverability, or leave gaps in your sender authentication setup.

HIGH<br>21 high severity issues<br>Example checks<br>No SPF record found for the domain.<br>The record does not start with 'v=spf1'.<br>Multiple SPF records were found for the domain.

Hide checks

MEDIUM<br>13 medium severity issues<br>Example checks<br>The record ends with '+all' (pass all).<br>The 'ptr' mechanism is used in the SPF record.<br>The record contains an unknown modifier (not 'redirect' or 'exp').

Hide checks

LOW<br>4 low severity issues<br>Example checks<br>No public key found in the DKIM record.<br>No BIMI record found for the domain.<br>BIMI record exists but is missing the required logo URI ('l=') tag.

Hide checks

Full list of checks<br>These are the rule sets currently used by the checker for DMARC, SPF, and DKIM analysis.<br>spf<br>TitleDescriptionDocumentationSPF Record ExistenceNo SPF record found for the domain.RFC 7208 - Sender Policy Framework: SPF RecordsInvalid Version TagThe record does not start with 'v=spf1'.RFC 7208 - SPF RecordsMultiple SPF RecordsMultiple SPF records were found for the domain.RFC 7208 - Multiple DNS RecordsDNS Lookup LimitThe SPF record requires more than 10 DNS lookups to resolve.RFC 7208 - DNS Lookup LimitsVoid DNS Lookup LimitThe SPF record triggered more than 2 void DNS lookups (lookups returning empty answers/NXDOMAIN).RFC 7208 - DNS Lookup LimitsMX DNS Lookup LimitThe SPF record uses an 'mx' mechanism that contains more than 10 entries.RFC 7208 - MX MechanismTop-level missing 'all' or 'redirect'The top-level SPF record does not contain an 'all' mechanism nor a 'redirect' modifier.RFC 7208 - Default ResultNested SPF record missing 'all' or 'redirect'One or more SPF records referenced through include or redirect do not contain an 'all' mechanism nor a 'redirect' modifier.RFC 7208 - Default ResultPermissive 'all' MechanismThe record ends with '+all' (pass all).RFC 7208 - The 'all' MechanismUsage of 'ptr' MechanismThe 'ptr' mechanism is used in the SPF record.RFC 7208 - 'ptr' (do not use)Syntax Error in MechanismOne or more mechanisms in the SPF record contain syntax errors.RFC 7208 - Mechanism DefinitionsUnknown ModifierThe record contains an unknown modifier (not 'redirect' or 'exp').RFC 7208 - Modifier Definitions

dkim<br>TitleDescriptionDocumentationDKIM Public KeyNo public key found in the DKIM record.RFC 6376 - DKIM Key RepresentationDKIM Key LengthRSA key is less than 1024 bits.RFC 8301 - Cryptographic Algorithm RecommendationsDKIM Testing ModeTesting mode flag (y) is set in the DKIM record.RFC 6376 - Key FlagsDKIM Deprecated Hash AlgorithmThe DKIM record only allows SHA-1 hash algorithm.RFC 8301 - Cryptographic Algorithm Recommendations

dmarc<br>TitleDescriptionDocumentationDMARC Record ExistenceNo DMARC record found for the domain.DMARC Defender - Quick Start GuideRFC 7489 - DMARC Policy RecordInvalid DMARC VersionThe DMARC record does not start with 'v=DMARC1'.RFC 7489 - DMARC VersionMissing DMARC PolicyNo policy (p) tag found in the DMARC record. Without a policy, DMARC is not enforcing any actions on unauthenticated emails.RFC 7489 - DMARC PolicyInvalid DMARC Policy OrderingDMARC policy (p) tag is not the first tag after the version.RFC 7489 - DMARC PolicyUnknown or non-standard DMARC TagThe DMARC record contains an unknown or non-standard tag.RFC 7489 - DMARC PolicyWeak DMARC PolicyDMARC policy is set to 'none', which only monitors without enforcing.RFC 7489 - Policy ActionsPartial DMARC EnforcementDMARC policy applies to less than 100% of emails.RFC 7489 - Percentage TagNo Aggregate Reports ConfiguredNo aggregate report URI (rua) is configured.RFC 7489 - Aggregate ReportsSubdomain Policy on SubdomainThe 'sp' tag is set on a subdomain DMARC record where it has no effect.RFC 7489 - Subdomain PolicyWeak Subdomain PolicySubdomain policy is weaker than the main domain policy, leaving subdomains less protected.RFC 7489 - Subdomain PolicyExternal Destination CheckIf sending DMARC reports to a separate domain, that domain must specify through DNS it is willing to receive reports.RFC 7489 - Verifying External...

record dmarc domain policy dkim found

Related Articles

Elevated error rates on requests to multiple models

recroad9 ptsclaude incident islands rates elevated error

Donald Trump and sons to be 'forever' exempt from tax audits

doener9 ptsdigital access newsletters premium financial times

PopuLoRA: Co-Evolving LLM Populations for Reasoning Self- Play

AMavorParker8 ptstasks model training self populora play

Old Reddit Is Down

Crunsher7 ptsdata autoplay videoplayerelement comments function false

The ultimate female fantasy – A feminist critique of Beauty and the Beast

muge6 ptsbeast story paglia beauty older butler
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.