Mailbox DNS Check Up Tool

Diagnosis email and mailbox DNS issues and make sure you are following mailbox best practices using our free Domain API.

View Domain API Responses

What is an MX DNS record

MX, or Mail Exchange, records are DNS (Domain Name System) records that are necessary for delivering emails to your address. In simple terms, they tell the sending server where to send the emails. An MX record consists of a priority value and the mail server's domain name. This system allows a domain to have emails delivered to multiple mail servers in a specified order of priority. This can improve the reliability of your email service.

What is the Sender Policy Framework (SPF)?

Sender Policy Framework (SPF) is a method used to prevent email spoofing. It is a DNS text entry that shows a list of servers that should be considered allowed to send mail for a specific domain. Essentially, the technology allows a domain owner to say, "only these domains/IPs are allowed to send email from my domain". Any emails that claim to be from the domain but are sent from a server not in that list can then be identified as likely fake.

The SPF include mechanism is a feature that allows a domain's SPF record to authorize another domain to send emails on its behalf. This is particularly useful for businesses that use third-party email services. Instead of listing all the individual IP addresses of the third-party's sending servers, which can be numerous and change frequently, the domain simply includes the SPF record of the third-party domain in its own SPF record using an "include:" statement. This simplifies the management of the SPF record and ensures that the authorization remains up-to-date as the third-party changes its sending servers.

For example, our SPF on the domain contains two includes, one for G-Suite and one for Postmark.

v=spf1 -all

What are DomainKeys Identified Mail (DKIM)?

DomainKeys Identified Mail (DKIM) is another method used for email authentication. It allows the receiving mail server to check if the email that claims to have come from a specific domain was indeed authorized by the owner of that domain. This is done through a digital signature added to the email. The public key used to verify this signature is stored in the domain's DNS records as a DKIM record. This way, when the email reaches its destination, the receiving server can use this public key to verify the email's signature and confirm that the email has not been tampered with during transit. This greatly helps in preventing email spoofing and phishing.

For a deep dive on DKIM records, take a look at this in-depth explanation from Cloudflare of how this important email authentication system works.

What is DMARC?

Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email-validation system built on top of SPF and DKIM protocols. Its primary purpose is to detect and prevent email spoofing. DMARC achieves this by allowing the administrative owner of a domain to publish a policy in their DNS records to specify which mechanism (DKIM, SPF or both) is employed when sending email from that domain. If an email does not pass DKIM or SPF checks, DMARC tells a recipient's server what to do with the email – whether to reject it, quarantine it, or accept it. The policy can also provide a reporting mechanism where the email receiver can report back to the sender about messages that pass and/or fail the DMARC evaluation. This feedback can be used by the domain owner to improve and refine their DMARC policy.

Postmark offers a free DMARC service that's simple to use.