Free tools — no signup required

Email Infrastructure Toolkit

Check your SPF, DKIM and DMARC configuration, then audit your GDPR compliance — free tools for anyone who sends email professionally.

🔍
SPF Checker
Verify your SPF record exists and analyse its strength — score out of 100.
🔑
DKIM Checker
Scan common selectors, validate the public key and flag weak key sizes.
🛡️
DMARC Checker
Check your DMARC policy and get specific improvement recommendations.
GDPR Checklist
30 checks across 6 categories. See exactly where you stand on EU compliance.

SPF Record Checker

Verify your Sender Policy Framework record is published correctly. SPF tells receiving servers which IPs are authorised to send email from your domain.

Learn more about each protocol
SPF Record Checker — Detailed Guide
Understand SPF syntax, common mistakes and how to fix them.
DKIM Record Checker — Detailed Guide
Learn about selectors, key sizes and DKIM signing.
DMARC Record Checker — Detailed Guide
Understand DMARC policies, alignment and reporting.
Complete Email Authentication Guide
How SPF, DKIM and DMARC work together to protect your domain.
Related guides
GDPR Email Marketing Guide
How to run GDPR-compliant email campaigns under EU law.
Email Deliverability Guide
Improve inbox placement and sender reputation.
Transactional Email API
Send transactional emails via API while staying GDPR compliant.
Domain Warming Schedule
Week-by-week volume schedule for new sending domains.
EU Email API
Finnish-operated email API. No US transfer chain. Pre-signed DPA.
Data Processing Agreement
Pre-signed Article 28 DPA. Finnish jurisdiction. Sub-processor list.

Ready to send email that actually lands?

NexusProMail is a Finnish email platform under EU law — designed to support GDPR-compliant sending from the start.

Start for free →GDPR email guide

Common questions

What is an SPF record and why do I need one?

An SPF (Sender Policy Framework) record is a DNS TXT record that lists which servers are authorised to send email on behalf of your domain. Without SPF, other servers can send email pretending to be from your domain. Most email providers will send your messages to spam without a valid SPF record.

What is DKIM and how is the checker using a "selector"?

DKIM (DomainKeys Identified Mail) is a cryptographic signature your mail server adds to outgoing messages. Receivers verify the signature against a public key published in DNS. The public key lives at `<selector>._domainkey.yourdomain.com` — the selector is the prefix your email provider chose (e.g. `google` for Google Workspace, `selector1` and `selector2` for Microsoft 365, `default` for many self-hosted setups). If you don't know your selector, leave the field blank and we'll scan the common ones.

What is DMARC and how is it different from SPF?

DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM. While SPF and DKIM authenticate your messages, DMARC tells receiving servers what to do with messages that fail authentication — quarantine them or reject them entirely. DMARC also gives you aggregate reports on who is sending email from your domain.

What does a good SPF record look like?

A basic SPF record looks like: v=spf1 include:yourmailprovider.com -all. The -all at the end is critical — it means any server not listed should reject the message. Using ~all (soft fail) provides less protection. Avoid +all which allows any server to send as your domain.

What DMARC policy should I use?

Start with p=none to monitor without blocking, then move to p=quarantine once you're confident your legitimate mail passes. Finally, move to p=reject for maximum protection. Always include a rua= aggregate report address so you can monitor your DMARC alignment.

What are the GDPR requirements for email marketing?

Key requirements include: explicit opt-in consent with a record of when and how, easy unsubscribe in every email, a published privacy policy and subprocessor list, a Data Processing Agreement with your email provider, and processes for handling Data Subject Access Requests within 30 days.