28 Free Email Security Tools
Check, generate, analyze, and look up DNS records for every email authentication protocol. All tools run in your browser — nothing is sent to our servers.
Domain Email Health Check
Run a comprehensive audit across all email authentication protocols — DMARC, SPF, DKIM, BIMI, MTA-STS, TLS-RPT, ARC, and DANE — and get a weighted security score with actionable next steps.
Run auditCheckers
DMARC Record Checker
Validate your DMARC policy, parse all tags per RFC 7489, and get actionable recommendations.
SPF Record Checker
Parse SPF mechanisms, count DNS lookups against the RFC 7208 limit of 10, and detect misconfigurations.
DKIM Record Checker
Look up DKIM public keys by selector, verify key sizes against RFC 8301, and check algorithm compliance.
BIMI Record Checker
Verify your BIMI record, check SVG logo compliance, VMC authority, and DMARC enforcement prerequisites.
MTA-STS Checker
Validate your MTA-STS DNS record, fetch the policy file, and verify MX record alignment per RFC 8461.
TLS-RPT Record Checker
Check your TLS-RPT DNS record, validate report destinations, and verify MTA-STS integration per RFC 8460.
DANE/TLSA Record Checker
Look up TLSA records, verify DNSSEC status, and validate DANE configuration per RFC 6698 and RFC 7672.
Blacklist Check
Check if your domain or IP appears on major DNS blacklists (DNSBLs) that could affect email deliverability.
ARC Readiness Checker
Assess ARC readiness by checking DMARC enforcement, mail provider capabilities, and DKIM keys at common ARC selectors.
ARF / Forensic Report Checker
Validate DMARC forensic reporting — check ruf= destinations, external authorization, failure options, and provider support.
Generators
DMARC Record Generator
Build a DMARC policy with reporting addresses, alignment settings, and percentage rollout.
SPF Record Generator
Build an SPF record with provider presets, IP ranges, and lookup tracking against the 10-lookup limit.
DKIM Record Generator
Generate RSA or Ed25519 DKIM key pairs entirely in your browser. Your private key never leaves your device.
BIMI Record Generator
Build a BIMI DNS record with SVG logo URL, optional VMC certificate, and SVG Tiny PS validation.
MTA-STS Policy Generator
Generate an MTA-STS DNS record and policy file with MX pattern matching per RFC 8461.
TLS-RPT Record Generator
Build a TLS-RPT DNS record with mailto and HTTPS report destinations per RFC 8460.
DANE/TLSA Record Generator
Generate TLSA records for DANE certificate pinning with SHA-256/SHA-512 hashing and optional PEM parsing.
SPF Flattener
Resolve SPF include chains, visualize the lookup tree, and generate a flattened record under the 10-lookup limit.
Analyzers
DMARC Report Analyzer
Parse DMARC XML aggregate reports to see who is sending email as your domain and whether they pass authentication.
TLS Report Analyzer
Parse TLS-RPT JSON reports to diagnose TLS negotiation failures and certificate issues.
ARF Report Analyzer
Parse RFC 5965 abuse feedback reports to extract feedback type, source IP, reported domain, and authentication results.
ARC Chain Analyzer
Parse and visualize Authenticated Received Chain headers per RFC 8617. Validate chain integrity and diagnose forwarding issues.
Email Header Analyzer
Trace message routing and authentication through email headers. View hops, SPF/DKIM/DMARC results, and delays.
Lookups & Diagnostics
MX Lookup
Query MX records for any domain. See mail server priorities, hostnames, and resolved IP addresses.
NS Lookup
Query authoritative nameservers for a domain and verify DNS delegation.
Reverse DNS Lookup
Resolve IP addresses to hostnames via PTR records. Essential for verifying mail server identity.
WHOIS Lookup
Query domain registration details including registrar, creation date, expiration, and nameservers.