Suped

Domain health checker

Comprehensive DNS audit of your domain's email authentication with pass/fail checks across DMARC, SPF, and DKIM.

Available at https://www.suped.com/tools/domain-health-checker.

Run a comprehensive DNS audit of any domain's email authentication setup. Enter any domain and the checker examines your DMARC, SPF, and DKIM records, running a series of pass/fail checks across all three protocols. Results are displayed as a total tests passed score (e.g. 21 / 28) along with individual scores for each protocol.

Domain health checker results showing tests passed score and DMARC/SPF/DKIM breakdown

How it works

Enter a domain and click Check. The tool performs live DNS lookups and validates your records against best practices. You can also click View sample to see results for suped.com without entering a domain.

Each check shows a pass or fail icon along with a short description. You can click Info on passing checks or Fix it on failing checks to see a detailed explanation of what the check does and how to resolve issues.

If any checks fail, the tool generates a summary of the most critical issues found with a link to sign up for ongoing monitoring.

Checks

The tool runs checks across three categories. Each check is scored as pass or fail, and the total score is the number of checks passed out of the total.

DMARC checks

  • DMARC record found
  • Single record (no duplicates)
  • Record valid
  • Secure policy (quarantine or reject)
  • Secure subdomain policy (sp=)
  • DMARC report monitoring (rua= configured)
  • External reporting authorized

SPF checks

  • SPF record found
  • Single record (no duplicates)
  • Record valid
  • Under 10 DNS lookup limit
  • Under 2 void lookup limit
  • No include loops
  • Under 450 byte limit
  • Ends with ~all or -all
  • No +all
  • No deprecated ptr mechanism
  • No duplicate includes
  • No empty includes
  • No macros
  • At least 1 IP or include

DKIM checks (per selector)

The following checks are run for each DKIM selector found. Scores are aggregated across all selectors.

  • DKIM record found
  • Single record (no duplicates)
  • Record valid
  • Supported encryption algorithm (RSA)
  • Secure hash algorithm (SHA-256)
  • Secure key length (2048-bit)
  • Not in testing mode

DKIM selector detection

Suped checks 50+ common DKIM selectors including google, s, s1, s2, key1, dkim, selector1, selector2, and many more. This means you get DKIM results even without specifying your selectors.

Product
DMARC monitoring
Hosted DMARC
Hosted SPF
Hosted MTA-STS
SPF flattening
Blocklist monitoring
Tools
Domain health checker
DMARC checker
SPF checker
DKIM checker
DMARC record generator
Email tester
Blocklist checker
Resources
Docs
Customers
Blog
Guides
Knowledge base
Contact

Suped

Privacy policy
Terms of service
© 2026 Suped Pty Ltd
LinkedInX