Google Workspace SPF, DKIM, and DMARC setup review
Review Google Workspace authentication with cautious DNS-change guidance and official source links.
Read guideEmail authentication guides
Practical, cautious guides for DMARC, SPF, DKIM, BIMI, MTA-STS, and sender-readiness diagnostics. Start with public DNS signals, then review changes with your DNS/admin team.
Scan before reading
Run a public DNS diagnostic first, then use the guides below to understand what each finding means.
01$0Free scan
Check the public sender-auth records mailbox providers expect.
02$0Shareable action plan
Keep one URL with evidence, owner steps, and decisions.
03$49$49 fix plan
Add human review, provider context, and verification steps.
Optional. Most first scans can run with just the domain.
Checks Gmail, Yahoo, and Microsoft sender requirementsPublic DNS onlyNo mailbox login needed
Example result72/100Needs attention
Review DMARC policy strength before a high-volume send.
- Public DNS evidence
- DMARC/SPF/DKIM status and caveats are visible before you pay.
- Owner-ready next step
- The audit adds provider context and a verification checklist.
Get the exact fix plan for your domain.$49 readiness audit: prioritized owner actions, DNS evidence, and verification checks.
Overall sender readiness
72/100
Needs attention
Sample output: one warning and one fail mean this domain is not campaign-ready yet.
DMARCPass
SPFPass
DKIMPass
MXPass
BIMIWarning
MTA-STSFail
Fix workspace preview
The scan becomes a focused work surface: evidence, owner action, verification, and the paid context a public lookup cannot infer.
HighDMARC
Review DMARC policy strength before a high-volume send.
- Evidence
- Evidence: a monitoring-only policy can satisfy visibility needs, but enforcement requires aligned legitimate senders.
- Verify after change
- Re-scan _dmarc after DNS propagation and confirm aligned SPF or DKIM senders before enforcement.
- Paid audit adds
- Policy sequence, starter record review, alignment questions, and enforcement caveats.
Microsoft 365 SPF, DKIM, and DMARC setup review
Check Microsoft 365 authentication and Outlook.com high-volume sender readiness signals.
Read guideShopify and Klaviyo SPF, DKIM, and DMARC setup review
Review Shopify sender email authentication, Klaviyo branded sending domains, DMARC alignment, and ecommerce DNS caveats.
Read guideMailchimp SPF, DKIM, and DMARC setup review
Review Mailchimp Marketing and Transactional authentication, DKIM CNAME records, DMARC TXT records, and DNS caveats before changing sender records.
Read guideSendGrid SPF, DKIM, and DMARC setup review
Review Twilio SendGrid domain authentication, automated security, return-path and link-branding records, and DMARC caveats before changing sender DNS.
Read guideMailgun SPF, DKIM, and DMARC setup review
Review Mailgun domain verification, SPF/DKIM DNS records, optional MX/CNAME records, and DMARC staging before changing sender DNS.
Read guidePostmark SPF, DKIM, and DMARC setup review
Review Postmark domain verification, DKIM, SPF alignment, custom Return-Path, and DMARC caveats before changing sender DNS.
Read guideHubSpot SPF, DKIM, and DMARC setup review
Review HubSpot email sending domains, generated DKIM CNAME records, SPF include merging, DMARC inheritance, and connected inbox caveats before changing sender DNS.
Read guideBrevo SPF, DKIM, and DMARC setup review
Review Brevo sender-domain authentication, Brevo code TXT records, DKIM TXT/CNAME options, DMARC records, and dedicated-IP SPF caveats before changing sender DNS.
Read guideActiveCampaign SPF, DKIM, and DMARC setup review
Review ActiveCampaign sending domains, DKIM, Mailserver Domain/SPF alignment, DMARC staging, and strict-policy caveats before changing sender DNS.
Read guideConvertKit/Kit SPF, DKIM, and DMARC setup review
Review Kit verified sending domains, account-generated CNAME records, DKIM/SPF alignment, DMARC staging, and custom-domain caveats before changing sender DNS.
Read guideZendesk SPF, DKIM, and DMARC setup review
Review Zendesk external support addresses, SPF merging, DKIM CNAME records, DMARC staging, forwarding, and connector caveats before changing sender DNS.
Read guideIntercom SPF, DKIM, and DMARC setup review
Review Intercom email support domains, DKIM CNAME records, custom return-path SPF alignment, DMARC TXT records, forwarding, and link-branding caveats before changing sender DNS.
Read guideSalesforce SPF, DKIM, and DMARC setup review
Review Salesforce application email, Account Engagement, Marketing Cloud Engagement, SPF includes, DKIM keys, and DMARC alignment caveats before changing sender DNS.
Read guideGmail bulk sender requirements checklist
Review Gmail bulk sender readiness signals for SPF, DKIM, DMARC, alignment, unsubscribe, and DNS hygiene.
Read guideYahoo bulk sender requirements checklist
Review Yahoo sender readiness signals for authentication, alignment, unsubscribe, and complaint-rate hygiene.
Read guideOutlook high-volume sender requirements checklist
Review Microsoft Outlook.com high-volume sender authentication requirements and public DNS signals.
Read guideDMARC record not found: what it means
Understand missing DMARC records, safe starter policy shape, and what to review before publishing p=none.
Read guideDMARC aggregate reports explained
Learn what RUA aggregate reports show, how reporting destinations work, and what to review before DMARC enforcement.
Read guideDMARC p=none vs quarantine vs reject
Understand DMARC policy stages and what to review before moving a domain toward enforcement.
Read guideDMARC record generator
Build a cautious DMARC TXT candidate for p=none, reporting, alignment, and subdomain policy before publishing DNS changes.
Read guideDMARC rollout planner
Turn report, sender-inventory, and alignment evidence into a cautious path from p=none toward quarantine or reject.
Read guideMultiple SPF records: how to fix them
Find duplicate SPF TXT records and plan a cautious consolidation with your DNS owner.
Read guideSPF record generator
Build a cautious SPF TXT candidate from known senders, custom includes, and approved IPs before publishing DNS changes.
Read guideSPF too many DNS lookups
Understand SPF lookup limits, risky include sprawl, and cleanup paths before changing DNS.
Read guideHow to find a DKIM selector
Use message headers and provider settings to find the selector behind a DKIM record check.
Read guideDKIM selector finder
Run a common-selector scan, then use provider settings or signed headers to confirm the active DKIM selector.
Read guideHow to set up MTA-STS safely
Review MTA-STS DNS records, HTTPS policy hosting, TLS reporting, testing mode, and enforce-mode caveats.
Read guideMTA-STS policy generator
Build a cautious MTA-STS DNS record, HTTPS policy file, and TLS-RPT TXT candidate before enforcing transport security.
Read guideHow to set up BIMI safely
Review BIMI DNS, DMARC enforcement, SVG Tiny PS logo assets, VMC/CMC requirements, and provider display caveats.
Read guideBIMI record generator
Build a cautious BIMI TXT candidate from a logo URL and optional certificate URL before publishing DNS.
Read guideEcommerce DMARC checklist
Map storefront, lifecycle, support, review, billing, and fulfillment senders before tightening DMARC.
Read guideNewsletter sender authentication checklist
Review newsletter SPF, DKIM, DMARC, alignment, and platform sender inventory.
Read guideSaaS transactional email authentication checklist
Review product, billing, support, and lifecycle email streams before policy changes.
Read guideAgency client-domain audit checklist
Scope client sender-authentication audits, evidence boundaries, and handoff recommendations.
Read guideMSP DMARC client monitoring checklist
Plan client DMARC monitoring, alert severity, baselines, and escalation paths for managed domains.
Read guideNonprofit email authentication checklist
Review donor, volunteer, newsletter, grant, and operations mail before authentication changes.
Read guideSchool and university domain authentication checklist
Coordinate authentication review for central IT, departments, students, alumni, and vendor senders.
Read guideHow to check DKIM readiness
Start with a domain scan, then confirm selectors and signed message headers with each sender.
Read guideBulk sender readiness checklist
Review public DNS signals before sending larger campaigns to Gmail, Yahoo, and Outlook.com users.
Read guide