All data displayed is public and provided by the DNS system. Use of this website is subject to our Terms of Service.
Last checked about 6 hours ago
Your domain has strong email authentication. A few improvements can get you to a perfect score.
50 / 50 points
DMARC record is valid and configured correctly.
v=DMARC1; p=reject; sp=reject; fo=1; pct=100; adkim=r; aspf=r; rf=afrf; ri=86400; rua=mailto:[email protected],mailto:[email protected]; ruf=mailto:[email protected],mailto:[email protected]
Policy (p)
reject
DKIM Alignment (adkim)
Relaxed (r)
SPF Alignment (aspf)
Relaxed (r)
Relaxed mode: The DKIM signature's domain can be a subdomain of the "From" header domain.
Relaxed mode: The SPF "Return-Path" domain can be a subdomain of the "From" header domain.
Note: When alignment parameters are not specified, DMARC defaults to relaxed mode for both DKIM and SPF alignment.
Verification successful
Verification successful
You can add our monitoring system alongside your existing setup. DMARC supports multiple mailto: addresses, giving you additional visibility and backup reporting.
5 / 20 points
BIMI record must start with 'v=BIMI1'.
v=spf1 include:_spf.doe.gov -all
Missing logo URL (l=)
No certificate URL provided (a=). Optional when using self-asserted logos.
30 / 30 points
SPF record is valid.
v=spf1 include:_spf.doe.gov -all
Syntax Check
OK
DNS Lookup Count
3 / 10 max
Root-level mechanisms requiring DNS queries: 1.
Void Lookups
0 / 2 max
Fail: Reject emails from unauthorized servers (recommended for production)
Grouped by DNS record source (includes and sub-includes)
This record also contains:
SPF record found
doe.gov
TXT Record
v=spf1 ip4:205.254.128.0/28 ip4:205.167.107.0/28 ip6:2607:f368:1000:1102::/64 include:spf.protection.outlook.com include:spf-002bc302.gpphosted.com -all
Processed recursively per RFC 7208
SPF record found
_spf.doe.gov
TXT Record
v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/15 ip4:52.102.0.0/16 ip4:52.103.0.0/17 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 ip6:2a01:111:f403:8000::/51 ip6:2a01:111:f403:c000::/51 ip6:2a01:111:f403:f000::/52 -all
Processed recursively per RFC 7208
SPF record found
_spf.doe.gov
TXT Record
v=spf1 ip4:67.231.155.102 ip4:67.231.147.102 ip6:2620:100:9004:21:67:231:155:102 ip6:2620:100:9000:21:67:231:147:102
Processed recursively per RFC 7208
The check you just ran shows your current configuration. But DNS records change, sometimes without you knowing. A well-meaning IT change, a third-party provider update, or an unauthorized modification can break your email delivery overnight.
Configuration Drift
IT changes that accidentally break authentication
Provider Updates
Third-party services changing their SPF includes
Unauthorized Changes
Attackers modifying records to send as you
DMARCTrust monitors your DNS records continuously. When something changes, you get an email alert with exactly what changed and why it matters. No more surprises when customers complain their emails bounced.
Run a free email authentication check (DMARC, SPF, BIMI).
We will generate a shareable URL for your domain.
Try popular examples: google.com, amazon.com, booking.com
Discover how other organizations configure their email authentication
Frequently checked
Also using reject
Showing domains checked by our users. All data is from public DNS records.
We analyze your domain's email authentication: DMARC policy and alignment, SPF record and includes, and BIMI logo/CV when present.
Healthy authentication improves delivery and blocks spoofing. Major inbox providers increasingly require DMARC and robust SPF/DKIM practices for senders.
This check shows a snapshot. With DMARCTrust, you get continuous monitoring of your DMARC reports and DNS records, with instant alerts when something changes.