Small Tech Stack logo
Small Tech Stack logo
All articles

How to verify your domain's Email Authentication settings in under 90 secondsUpdated a month ago

OK, It's 2024 and we all know this means that Google, Yahoo, and others are scheduled to start tightening their rules on acceptance of non-authenticated emails.  And you've probably been through the setup process for SPF, DKIM, and DMARC and are crossing your fingers that everything is working correctly and that your emails are making passing grades and not being treated unfairly. 


Want to run a quick test to see if your Email Authentication settings are working properly?  It's not hard... and you can test a single email-sending system in under two minutes using any of the three methods below.


Note: For all three test methods below, you must be able to send an email FROM an address with your custom domain to another address.  Additionally, for method #1, you will need to be in a position to receive an email reply to that same address.


Method 1 - Use MXToolBox's Email Deliverability Tool 

  • Pros - Fast and also includes blacklist checks
  • Cons - Must be able to receive a reply message at your sending address

Instructions

  1. Send an email from the system you wish to test to [email protected]
  2. Wait approximately one minute and you should receive an email reply containing your results.  Then click on the big red link to view your full deliverability report.
  3. Look at the Delivery Information section.  Here you want to see a green checkmark for each of the following five tests:
    1. DMARC Compliant
    2. SPF Alignment
    3. SPF Authenticated
    4. DKIM Alignment
    5. DKIM Authenticated

This is a bad result:

  • SPF passes authentication... but fails domain alignment
  • DKIM also passes, but fails alignment
  • DMARC fails because neither SPF nor DKIM passed AND aligned

This is a perfect result:

  • SPF passes and is domain-aligned
  • DKIM passes and is domain-aligned
  • DMARC passes because of both of the above... but only one was required.


Method 2 - Use DMARCtester.com (formerly LearnDmarc.com)

  • Pros - Deep learning provided on how all this stuff works (SPF, DKIM, DMARC)
  • Cons - Lots of reading

Instructions

  1. Visit https://DMARCtester.com and copy the one-time-use email address from the page
  2. Send an email from the system you wish to test to that email address
  3. Wait for a few seconds ... then your email will arrive at the destination and the website will begin the process of explaining your DMARC results to you.
  4. You can click the "Fast Forward" button if you'd rather just skip directly to the results

This is an acceptable passing result:

  • This result shows that SPF failed, but DKIM, and therefore DMARC, both passed



This is a failing result:

  • This result shows failing both SPF and DKIM, which means a failing DMARC result


Here is a perfect result:

  • Both SPF and DKIM pass which means perfection


Method 3 - Use any Gmail account for a quick-n-dirty check

  • Pros - You can check emails that were sent to you in the past
  • Cons - No explanations provided on why you pass or fail specific tests and doesn't show domain alignment for either SPF or DKIM.

Instructions

  1. Send an email from the system you wish to test to a Gmail address that you control
  2. Once the email arrives, click the "Show Original" option on the message in your inbox (under the three-dots menu next to the message)
  3. At the top of the page, you'll see results for SPF, DKIM, and DMARC
    1. SPF: You want to see "PASS" here along the the IP address of the sending server
    2. DKIM: You want to see "PASS" here AND your custom domain
    3. DMARC: You want to "PASS" here as well... if you don't see a result at all, that means you don't even have a DMARC record and you need to get that fixed.

Here's a perfect result:

  • SPF Passes
  • DKIM Passes with the domain of the sender (not their email provider)
  • DKMARC Passes which also indicates the presence of a proper DMARC record


Here's a Passing result that still needs improvement:

  • SPF Passes (but the alignment failure is not displayed here)
  • DKIM passes, but not with sender's domain (DKIM alignment fails)
  • DMARC is not listed due to lack of a published DMARC policy record


Here is a Failing result that needs serious work:

  1. SPF Passes (but the alignment failure is not displayed here)
  2. DKIM passes, but not with sender's domain (DKIM alignment fails)
  3. DMARC fails because a DMARC policy has been published, but the email fully passes neither SPF or DKIM with alignment
Was this article helpful?
Yes
No