Scan a domain to get it analyzed for possible issues with DMARC, SPF, DKIM and BIMI records.
Secure Your Domain Infrastructure and Outbound Emails. All-in-One Place.
EasyDMARC's Domain Scanner is a free, powerful, easy-to-use online tool that allows you to check the health and security of your domain in one click. Simply enter your domain name and scan it. As a domain health checker, it comprehensively analyzes your SPF, DKIM, DMARC, and BIMI records, ensuring your domain is secure and protected against malicious attacks.
With our Domain Scanner diagnostic tool, you can quickly run a domain health test to identify potential weaknesses, vulnerabilities, and security risks. It points you to the necessary steps to secure and protect your domain reputation.
Our Domain Scanner isn't just a simple domain scanning tool; it's a comprehensive DMARC testing solution that provides a deep and accurate analysis of your domain's security posture. Whether you want to check your domain's health, diagnose security issues, or improve your overall domain security infrastructure, the Domain Checker can fulfill your needs.
Frequently Asked Questions
What is a Domain Scanner?
Domain Scanner is a complete domain health diagnostic tool designed to help you identify all possible issues with your domain security infrastructure.
With a simple click of the "Show Results" button, you can quickly check your SPF, DKIM, DMARC, and BIMI records to see how your domain is configured.
With the DMARC Domain Checker tool, you can:
- See the detailed results of your SPF record, detect possible issues, and get instructions on validating and verifying your SPF record.
- See the status of your DKIM record, detect possible issues with your DKIM selectors, and get instructions on validating and implementing the correct DKIM record for your domain.
- Check, lookup, and detect your DMARC record’s status and possible issues, and get instructions on validating and implementing the correct DMARC record.
- See the detailed results of your BIMI record, detect possible issues, and get instructions on validating and verifying your BIMI record.
EasyDMARC’s Domain Scanner tool acts as a domain health checker, allowing you to stay ahead of potential threats and protect your domain. It’s more than just a simple domain scanner. It provides a detailed analysis of your domain, helping you identify any potential issues that may affect the security of your online presence.
Why Check Domain Security?
Scanning and diagnosing your domain for DMARC, DKIM, SPF, and BIMI records is essential for several reasons:
- Protect Your Domain Reputation
DMARC, DKIM, SPF, and BIMI records authenticate your email messages and prevent fraudulent emails from being sent using your domain. Bad actors using your domain for phishing or spamming can negatively affect your domain's reputation. A scan will help you detect and prevent unauthorized access.
- Ensure Email Deliverability
Implementing DMARC, DKIM, SPF, and BIMI records help ensure your emails are delivered to your recipients' inboxes and not marked as spam or rejected. A thorough domain scan will help you identify DNS record issues that could affect email deliverability.
- Improve Email Open Rates
BIMI records help improve email open rates by displaying your brand logo and email message in your recipients' inboxes. A scan will help ensure that your BIMI records are correctly configured and display the correct logo, increasing brand recognition and trust among your recipients.
- Meet Email Authentication Standards
DMARC, DKIM, SPF, and BIMI records are the industry standard. Implementing these email authentication protocols helps meet the legal compliance standards of email providers, governments, and organizations like DMARC.org. A scan will help ensure that your records are properly configured and meet these standards.
What Does the “Empty Record” Mean?
If one of your domain’s records, such as SPF, DKIM, DMARC, or BIMI, is shown as an “Empty record,” it means you don’t have this record type implemented in your DNS.
You must generate and configure the missing record to solve the problem. Here’s what you need to do for each email authentication record that’s missing from your DNS:
For SPF record:
- Evaluate your DMARC reports:
Check your DMARC reports to understand how your emails are being handled by email servers.
- Identify your SPF results:
Determine whether or not you need to add an SPF record and what changes you need to make to it by checking your reports for SPF results.
- Adjust your SPF record using an SPF generator:
Use an SPF generator tool to create an SPF record that includes all necessary information, such as the IP addresses of your mail servers and any third-party services you use to send emails.
- Analyze DMARC reports to ensure everything is working fine:
After adding an SPF record, monitor your email deliverability, analyze your DMARC reports to ensure all your emails are being authenticated correctly, and take corrective action if you notice any problems.
For DKIM record:
- Generate a DKIM key pair:
Generate a DKIM key pair using your email server or a DKIM key generator tool. If you use a third-party email service, the key should be generated from the third-party portal.
- Publish the public key in DNS:
Publish the public key in DNS as a TXT record for the domain that will be signing the emails.
- Configure your mail server to sign emails:
If you have a dedicated server, configure your email server to use the private key to sign outgoing emails. If you use a third-party email service, activate DKIM signing through the service provider's portal.
- Monitor DKIM signatures:
Monitor your DKIM signatures by evaluating the DMARC reports to ensure that your emails are being authenticated correctly.
For DMARC record:
- Add DMARC in the monitoring stage:
Add a DMARC record with a policy of "none" using a DMARC generator tool to start monitoring email traffic and identifying legitimate and illegitimate sources.
- Evaluate DMARC reports and identify sources:
Review DMARC reports to identify sources of legitimate and illegitimate email traffic and take corrective action to improve email authentication practices.
- Authenticate all legitimate sources:
Authenticate all legitimate sources of email traffic by implementing SPF and DKIM, and ensure that all email is properly authenticated.
- Enforce DMARC policy:
Gradually enforce a DMARC policy of "reject" to block illegitimate email flow and protect your domain from email spoofing and phishing attacks.
For BIMI record:
- Enforce DMARC policy:
Ensure that your DMARC policy is set to "reject" or "quarantine" to enforce email authentication and prevent fraudulent use of your domain.
- Prepare a BIMI-compatible logo:
Use EasyDMARC’s BIMI Converter tool to prepare a BIMI-compatible SVG logo that meets the necessary specifications.
- Add BIMI record:
Add the logo to your host, and publish a BIMI TXT record using a BIMI generator tool to specify the location of your BIMI file.
- Obtain VMC certificate:
Obtain a Verified Mark Certificate (VMC) to ensure the legitimacy of your logo and enable email service providers (ESPs) to display your company logo in the emails that they deliver.
How To Improve Domain Security and Trust?
In addition to registering your domain with a reputable registrar that supports excellent security measures, you should pay attention to email infrastructure protection if you want an improved domain reputation. EasyDMARC’s Domain Scanner is a diagnostic tool that allows you to start your journey to better domain security.
Depending on the DMARC testing results, you’ll have to go through email authentication protocols and configure each properly.
To make the journey easier, we recommend that you sign up with EasyDMARC, and our all-in-one email authentication platform will guide you through the process. You’ll get detailed reports of SPF, DKIM, and DMARC failures and be able to identify and fix deployment issues. With EasyDMARC, you can improve your email deliverability, prevent email phishing attacks, and increase the trustworthiness of your emails.