The four records that decide if your email arrives
When you send an email, the receiving server quietly interrogates your domain's DNS to decide whether to trust it. Get these four right and you sail into the inbox; get them wrong and even legitimate mail gets binned, or scammers get to spoof your domain.
MX — can the domain receive mail?
MX (“mail exchanger”) records point your domain at the servers that handle its incoming email. No MX, no inbox.
SPF — who's allowed to send as you?
SPF lists which servers are permitted to send email using your domain. Without it (or with a sloppy one), your mail looks suspicious and spoofers find it easier to impersonate you. You should have exactly one SPF record, ideally ending in ~all or -all.
DKIM — is the message genuinely from you?
DKIM adds a cryptographic signature to your outgoing mail that the receiver verifies against a public key in your DNS. It proves the message wasn't tampered with in transit. DKIM keys live at custom “selector” names, so a tool can only check the common ones — a clean result here is a good sign, not a guarantee.
DMARC — what to do with fakes?
DMARC ties SPF and DKIM together and tells receivers what to do with mail that fails: nothing (p=none, monitoring only), send to spam (p=quarantine), or reject outright (p=reject). It's your strongest defence against someone spoofing your domain.
Common questions
How does it check without me logging in?
It asks public DNS over a secure HTTPS service (DNS-over-HTTPS) straight from your browser. DNS records are public, so no access or login is needed — and nothing you type is sent to us.
It says no DKIM but I have it set up?
DKIM keys are published under a “selector” name that's specific to your mail provider, and there's no way to list them all. This tool checks the most common selectors (Google, Microsoft, Mailchimp, and so on). If yours uses a custom selector, it won't be detected here even though it's working — check your provider's DKIM settings to confirm.
What's a good result?
MX present, exactly one SPF record ending in ~all/-all, a DKIM key detected, and DMARC with at least p=quarantine. Start DMARC at p=none to monitor, then tighten it.
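The checklist above as a small grader, added here as an example and not this tool's own code: it takes records that have already been looked up and applies the four rules. The function names, the result labels and the sample records (all under example.com / example.net) are assumptions made for the illustration.

```javascript
// Added example. Every record below is a constructed sample.

// Grade SPF from the TXT strings published at the domain itself.
function gradeSpf(txt) {
  const spf = txt.filter((r) => /^v=spf1(\s|$)/i.test(r.trim()));
  if (spf.length === 0) return "missing";
  if (spf.length > 1) return "multiple"; // more than one SPF record is an error
  const all = spf[0].trim().split(/\s+/).find((t) => /^[+?~-]?all$/i.test(t));
  if (!all) return "no-all";
  return /^[~-]all$/i.test(all) ? "ok" : "weak-all"; // +all, ?all, bare all
}

// Split a DMARC record into lower-cased tag names and their values.
function parseDmarc(record) {
  const tags = {};
  for (const part of record.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) tags[part.slice(0, i).trim().toLowerCase()] = part.slice(i + 1).trim();
  }
  return tags;
}

// Grade DMARC from the TXT strings published at _dmarc.<domain>.
function gradeDmarc(txt) {
  const recs = txt.filter((r) => /^v\s*=\s*DMARC1\s*(;|$)/.test(r.trim()));
  if (recs.length === 0) return "missing";
  if (recs.length > 1) return "multiple";
  const p = (parseDmarc(recs[0]).p || "").toLowerCase();
  if (p === "quarantine" || p === "reject") return "ok";
  return p === "none" ? "monitoring-only" : "invalid-policy";
}

// dkimFound: whether any probed selector returned a key (hypothetical input).
function gradeDomain({ mx, apexTxt, dmarcTxt, dkimFound }) {
  return {
    mx: mx.length > 0 ? "ok" : "missing",
    spf: gradeSpf(apexTxt),
    dkim: dkimFound ? "ok" : "not-detected", // custom selectors cannot be seen
    dmarc: gradeDmarc(dmarcTxt),
  };
}

const sample = {
  mx: ["10 mail.example.com."],
  apexTxt: ["site-verification=abc123", "v=spf1 include:_spf.example.net ~all"],
  dmarcTxt: ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
  dkimFound: false,
};
console.log(gradeDomain(sample));
```

For the sample, SPF and MX pass, DMARC is reported as monitoring-only because of p=none, and DKIM is reported as not detected, which is not the same as absent.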