Email security & DNS tools

Look up and validate the DMARC record on any domain. Spot policy, reporting address, and alignment mode in seconds.

Build a correct DMARC TXT record with the right policy, alignment, and reporting address for your domain.

Look up the SPF record on any domain, count DNS lookups, and flag the 10-lookup limit that causes authentication to fail.

Build an SPF TXT record from the senders you use — Google Workspace, Microsoft 365, SendGrid, Mailgun, and custom IPs.

Look up the DKIM public key on any selector. Confirm the record is published correctly, parse the key type and algorithm, and spot common misconfigurations.

Look up the BIMI record on any domain and see whether your brand logo will render in Gmail, Apple Mail, and Yahoo inboxes.

Build a BIMI TXT record linking to your SVG logo and optional VMC certificate. Required for your brand logo to appear in supporting inboxes.

Look up the MTA-STS TXT record and fetch the policy file. Confirm your inbound mail servers enforce TLS and block downgrade attacks.

Build the DNS record and policy file MTA-STS needs to force TLS on all inbound mail to your domain.

Look up the TLS-RPT record to confirm receivers know where to send TLS failure reports for your domain.

Build a TLS-RPT TXT record so you receive daily reports of TLS-related delivery failures from major inbox providers.

Look up any DNS record type (A, AAAA, MX, NS, TXT, CNAME, SOA, CAA) for any domain. Fast, server-side, no signup.

Paste an IPv4 or IPv6 address to get the PTR record. Useful for verifying mail-server rDNS, tracing suspicious connections, and confirming hosting providers.

Paste the raw headers from a suspicious email. Parse the Received chain, SPF / DKIM / DMARC results, and spot spoofing in seconds.