Is Your Domain Ready to Send Email?

What is SPF?

SPF is a simple list, stored in DNS, of the systems that are permitted to send mail that uses your domain in the envelope or header. When a message arrives, the receiving server can look up your SPF record and compare the sending IP to that list. It is one of the first layers mailbox providers expect for legitimate bulk and transactional mail.

Getting SPF wrong (for example, too many DNS lookups or more than one SPF TXT record) can cause random failures or spam placement. Our checker highlights those issues in plain language so you know what to fix.

What is DKIM?

DKIM adds a cryptographic signature to your messages. The public half of the key lives in DNS (usually under a name like selector._domainkey.yourdomain). Receivers verify the signature against that key, which helps prove the message was not tampered with in transit and often improves trust with large providers like Google and Microsoft.

Different email tools use different selector names, so “no DKIM found” on common selectors does not always mean you have no DKIM. It may mean your provider uses a custom name. Use their dashboard or support docs to confirm the exact selector.

What is DMARC?

DMARC builds on SPF and DKIM. It tells receivers what to do when a message fails those checks (for example, deliver it, quarantine it, or reject it) and can send you aggregate reports so you see who is sending as your domain. You publish DMARC as a TXT record at _dmarc.yourdomain.

A common path is to start with p=none to collect data, fix any legitimate sources that fail alignment, then move to quarantine or reject for stronger protection against spoofing and phishing.

Why email authentication matters

Mailbox providers use SPF, DKIM, and DMARC to fight spam and impersonation. When your records are correct and aligned, your mail is more likely to reach the inbox and less likely to be abused by bad actors pretending to be you. For cold outreach and high-volume sending, authentication is not optional. It is the baseline.

SendScale helps teams run outbound programs with warm-up, sequencing, and deliverability in mind; fixing DNS authentication is the foundation those efforts build on.

How to fix common email authentication issues

• SPF fails or “permerror”: ensure only one SPF TXT record exists, keep total DNS lookups under ten, and include every service that sends as your domain.
• DKIM fails: confirm the selector and key in DNS match your provider’s console; rotate keys if they were revoked (empty p=).
• DMARC fails: check that From domains align with SPF or DKIM, and tighten policy gradually while monitoring rua reports.

If you are unsure, your DNS host and email provider both publish step-by-step guides for their stack. Follow those alongside what you see in this tool.