There was a problem loading the comments.

How to Test Your SPF, DKIM, and DMARC Configuration

Support Portal  »  Knowledgebase  »  Viewing Article

  Print

After publishing SPF, DKIM, and DMARC records, you should confirm they actually pass before trusting them. Testing takes a minute and catches typos, wrong selectors, and alignment problems that silently send mail to spam.

1. Read the headers of a real message

The most reliable test is a live message. Send an email to an external mailbox at a major provider, open the received message, and view its original headers. Look for the authentication results line:

spf=pass  dkim=pass  dmarc=pass

All three should say pass. If SPF fails, the sending server is not listed in your SPF record. If DKIM fails, the selector or key is wrong. If DMARC fails despite SPF or DKIM passing, the problem is alignment (see below).

2. Query the records directly with dig

Confirm each record exists and reads correctly:

dig txt yourdomain.com +short              # SPF (v=spf1 ...)
dig txt selector._domainkey.yourdomain.com +short   # DKIM
dig txt _dmarc.yourdomain.com +short       # DMARC

Replace selector with your actual DKIM selector. Check for duplicate SPF records - there must be only one - and confirm the DKIM key is present and unbroken.

3. Understand alignment

DMARC requires that the domain in your visible From address aligns with the domain validated by SPF or DKIM. If you send from you@yourdomain.com but SPF validates a different envelope domain and DKIM signs with another, DMARC can fail even though SPF and DKIM individually pass. Ensure your sending platform signs and sends as your own domain.

4. Test from each service you send through

If you send from a mail server, a marketing platform, and an app, test each one separately - each must be authorized in SPF and ideally sign with DKIM. A record that covers only your mail server will fail for the others.

Managed email on a SoftSys managed VPS is configured and validated for you, including alignment across every service you send from, so your authentication passes everywhere it needs to.


Share via
Did you find this article useful?  

Related Articles

Tags

© Softsys Hosting