Domain Authentication Checker
Check SPF, DMARC, BIMI, MTA-STS, and TLS-RPT records for any domain — free.
Checks SPF, DMARC, BIMI, MTA-STS, and TLS-RPT records simultaneously.
Understanding Email Authentication Protocols
SPF (Sender Policy Framework)
SPF specifies which mail servers are authorized to send email for your domain. It works by publishing a DNS TXT record that lists approved IP addresses and hostnames. Receiving servers check this record to verify that incoming mail comes from an authorized source.
DMARC (Domain-based Message Authentication)
DMARC ties SPF and DKIM together and tells receiving mail servers what to do when neither authentication method passes — reject, quarantine, or allow the message. It also enables aggregate and forensic reporting so domain owners can monitor authentication results.
BIMI (Brand Indicators for Message Identification)
BIMI lets organizations display their brand logo next to authenticated emails in supporting email clients. It requires a valid DMARC policy (quarantine or reject) and optionally a Verified Mark Certificate (VMC) for logo display in Gmail and Apple Mail.
MTA-STS (Mail Transfer Agent Strict Transport Security)
MTA-STS tells sending mail servers that your domain requires TLS encryption for email delivery. It prevents downgrade attacks and man-in-the-middle interception by publishing a DNS record and a policy file that mandate encrypted connections.
TLS-RPT (TLS Reporting)
TLS-RPT enables receiving mail servers to report TLS connection failures back to you. When combined with MTA-STS, it provides visibility into delivery problems caused by certificate errors, expired certificates, or misconfigured encryption.
Why All 5 Protocols Matter
Anti-Spoofing
SPF + DMARC prevent unauthorized senders from impersonating your domain.
Encryption
MTA-STS + TLS-RPT ensure email is encrypted in transit and report failures.
Brand Trust
BIMI displays your logo in the inbox, increasing recipient confidence and open rates.
Need help fixing your email authentication?
AutoSPF automatically flattens SPF records and keeps your email authentication aligned. Setup takes 60 seconds.
What Our Customers Say
"AutoSPF Flattens SPF Records Seamlessly & Keeps Changes Logged - I am quite pleased with the product"
It does what it promises to do, and does it very well. I appreciate that it keeps a log of changes made, which prevents many mistakes. A client's SPF record would have way too many lookups, but AutoSPF makes that problem go away. The length of the SPF record is typically not the issue; it's the amount of lookups in the record that are. AutoSPF "flattens" the record, automatically expanding the defined lookups to IP addresses or ranges. And it auto-updates the record when the un-flattened lookups change.
Peter J.
President · Small-Business (50 or fewer emp.)
"Helped us go beyond capacity"
AutoSPF did exactly as described, it helped us get past our 10 lookup limit. Afterwards, we hit another limit regarding overall capacity and when contacted, they quickly provided us with a new solution to eliminate capacity issues entirely going forward, so now we can add as many SPF records as needed. They also provided us with a personalized support video explaining their new method in its entirety using our instance as the example.
Verified User
Financial Services · Mid-Market (51-1000 emp.)