Free DNS, SPF & DMARC Checker
Is Your Domain Vulnerable to Email Spoofing?
Email Security Audit: We validate SPF, DKIM, and DMARC records, check MX configuration, detect subdomain takeover risks, and identify DNS zone vulnerabilities that leave your domain open to phishing attacks.
Ready to scan.
75+ security checks — SSL, Ports, Headers, Files, CORS, DNS, DKIM & Compliance
Enterprise-grade recon engine for agencies, SaaS teams, and security-focused founders.
example.com
Scan complete
Why DNS & Email Authentication Matters
91% of Attacks Start Here
Without SPF, DKIM, and DMARC, anyone can send emails from your domain. Email spoofing powers business email compromise (BEC) — a $2.7 billion annual cybercrime category.
Domains Without DMARC
Attackers target domains without DMARC enforcement because spoofed emails reach inboxes. A misconfigured SPF record also sends your legitimate emails to spam.
Full Chain Validation
AI QA Monkey validates SPF syntax and lookup limits, DKIM key strength, DMARC policy enforcement, and checks for subdomain takeover and dangling CNAME records.
Sample Scan Results
Here's what a typical DNS & email security scan reveals — real findings from anonymized scans.
What We Check
SPF Record Validation
Parse and validate your SPF record syntax, check DNS lookup count (max 10), detect overly permissive +all mechanisms, and verify authorized sender IPs.
DKIM Key Analysis
Check DKIM selector records for proper key length (minimum 2048-bit recommended), valid syntax, and correct DNS publication.
DMARC Policy Check
Analyze your DMARC record for policy strength (none/quarantine/reject), reporting configuration (rua/ruf), subdomain policy, and alignment mode.
MX Record Analysis
Verify MX record configuration, check for redundancy and failover, validate priority ordering, and detect misconfigured mail routing.
Subdomain Takeover Detection
Identify dangling CNAME records pointing to unclaimed cloud services (S3, Azure, Heroku, GitHub Pages) — a critical hijacking risk.
Blacklist Monitoring
Check if your domain or mail server IPs appear on major email blacklists (Spamhaus, Barracuda, SORBS) that block your emails.
Open Port Scanning
Find exposed mail ports (25, 465, 587, 993, 995), admin panels, and DNS services that shouldn't be publicly accessible.
SSL & Security Headers
Certificate validation, HSTS, CSP, and critical header analysis for your domain and mail infrastructure.
Attack Surface Mapping
Visual network graph of your full external attack surface — subdomains, DNS records, open ports, mail servers, and SSL status in one interactive map.
Subdomain Discovery
Enumerate subdomains via DNS brute-force and certificate transparency logs to map your full domain footprint.
One-Click Copy Fix
Every finding includes a "Copy Fix" button with the exact DNS record you need to add, plus an "AI Fix Prompt" for ChatGPT or Claude.
Export JSON / CSV
Download raw DNS audit data for your IT team or paste into any AI tool for instant remediation steps.
Industry Security Index
See how the top companies in your industry rank for cybersecurity. Public leaderboards updated in real-time.
Explore More Security Tools
Go beyond DNS checks. AI QA Monkey offers specialized scanners for every layer of your web infrastructure.
WordPress Security Scanner
Scan WordPress sites for malware, plugin vulnerabilities, admin exposure, and xmlrpc.php brute-force risks.
Shopify Security Scanner
Check your Shopify store for exposed API keys, checkout vulnerabilities, and third-party app risks.
React App Security
Scan React and Node.js apps for XSS, exposed .env files, CORS misconfigurations, and source map leaks.
API & CORS Scanner
Detect misconfigured CORS policies, exposed API endpoints, and authentication bypass vulnerabilities.
Open Port Scanner
Discover open ports and exposed network services that could be exploited by attackers.
Compliance Scanner
Map your security posture against PCI DSS, ISO 27001, OWASP Top 10, and GDPR requirements.
Related Security Guides
Protect your domain from email spoofing and phishing with our expert setup guides.
SPF, DKIM & DMARC Setup Guide
Step-by-step DNS record setup for Google Workspace, Microsoft 365, and custom mail servers.
Security Headers Guide
Configure CSP, HSTS, X-Frame-Options and more to complement your email authentication.
SSL/TLS Certificate Fix Guide
Fix certificate issues, enforce HTTPS, and configure TLS for secure email transport.
OWASP Top 10 Explained
Every OWASP Top 10 vulnerability explained with detection methods and fix commands.
Email Spoofing Prevention
How attackers forge sender addresses and how SPF, DKIM, and DMARC work together to stop them.
DNS Security Best Practices
DNSSEC, CAA records, NS hardening, and zone transfer protection to secure your domain infrastructure.
Common Questions
What is SPF and why does my domain need it?
SPF (Sender Policy Framework) is a DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain. Without SPF, attackers can send emails that appear to come from your domain (email spoofing), which is used in phishing attacks, business email compromise (BEC), and spam campaigns that damage your domain reputation.
What DMARC policy should I use?
Start with p=none to monitor without blocking, then move to p=quarantine to send suspicious emails to spam, and finally p=reject to block spoofed emails entirely. AI QA Monkey checks your current policy and recommends the appropriate next step based on your domain's email authentication maturity.
What's the difference between SPF, DKIM, and DMARC?
SPF verifies that the sending server is authorized by the domain owner. DKIM adds a cryptographic signature to emails that proves the message wasn't altered in transit. DMARC ties SPF and DKIM together with a policy that tells receivers how to handle failures. All three work together — SPF authorizes servers, DKIM ensures integrity, and DMARC enforces the rules.
My SPF record has too many lookups — how do I fix it?
The SPF specification limits DNS lookups to 10. If you exceed this, your SPF record fails silently. Common fixes include: flattening SPF records by replacing include: mechanisms with direct IP ranges, removing unused services, and using SPF macro syntax. AI QA Monkey detects this issue and provides the exact flattened record you need.