Email security
audited in seconds.
Kuality validates your SPF, DKIM, and DMARC DNS records, flags gaps that allow attackers to spoof your domain, and checks your MX record health — all from a single URL scan. No DNS credentials required.
No DMARC record — attackers can send email from your domain with no enforcement or reporting.
Every email authentication record validated
Kuality queries your domain's DNS records and validates every email authentication mechanism against current best practices and RFC specifications.
SPF Validation
Parses your SPF record, validates syntax, checks the ~all vs -all enforcement policy, and flags lookups exceeding the RFC 7208 ten-lookup limit.
DKIM Key Check
Queries common DKIM selectors (google, mail, default, k1) and validates the public key format, bit length, and revocation status.
DMARC Policy Evaluation
Validates DMARC presence, policy enforcement level (none/quarantine/reject), reporting URIs, and alignment mode for SPF/DKIM.
MX Record Health
Checks MX record presence, priority ordering, and resolves each mail server hostname to verify it is reachable and responding.
Spoofing Gap Detection
Identifies the exact configuration gaps that would allow an attacker to send forged email that passes spam filters on your domain.
Enforcement Upgrade Guidance
Kuality recommends a migration path from p=none (monitoring) to p=quarantine to p=reject, with the sequence of DNS changes needed at each step.
Email security is one of 17 checks in Kuality
Run the email authentication audit alongside SSL, security headers, JavaScript CVEs, and supply chain security — all in a single scan, tracked over time.
Check your email security freeFree plan. No credit card. No DNS credentials required.