Domain Scanner
Scan your domain's email security configuration in seconds. Check DMARC, SPF, and DKIM records to protect your firm from spoofing, phishing, and deliverability issues.
Why DMARC matters for your firm
Email authentication protects your clients, your reputation, and your compliance posture.
DMARC
Domain-based Message Authentication, Reporting & Conformance tells receiving mail servers what to do when an email fails SPF or DKIM checks — reject it, quarantine it, or let it through. Without a DMARC policy, anyone can send email pretending to be your domain.
SPF
Sender Policy Framework specifies which mail servers are authorized to send email on behalf of your domain. A missing or misconfigured SPF record means phishing emails using your domain name may reach your clients' inboxes unchallenged.
DKIM
DomainKeys Identified Mail adds a cryptographic signature to outgoing emails, proving the message hasn't been altered in transit. DKIM builds trust with email providers and improves deliverability for your firm's communications.
For professional services firms handling sensitive client data — especially CPA firms, law practices, and financial advisors — email authentication isn't optional. It's a baseline security measure that protects against impersonation, supports compliance requirements, and preserves client trust.
Domain Scanner FAQ
A DMARC record is a DNS TXT entry that tells receiving mail servers how to handle emails that fail SPF or DKIM authentication. It can instruct servers to do nothing, quarantine the message, or reject it outright — and it can send you reports so you know who is sending email as your domain.
Without DMARC, attackers can send emails that appear to come from your domain — targeting your clients, your staff, or your vendors. For CPA firms, law practices, and financial advisors handling sensitive data, a spoofed email can lead to wire fraud, data breaches, and regulatory trouble. DMARC stops impersonation at the DNS level.
A policy of "none" monitors but takes no action — useful when you are first setting up. "Quarantine" sends failing emails to spam. "Reject" blocks them entirely. Most firms should work toward a reject policy, but it is important to get there gradually so you do not accidentally block legitimate email from third-party services.
SPF lists which servers are allowed to send email for your domain. DKIM adds a cryptographic signature proving the message was not tampered with in transit. DMARC ties them together — it tells receivers what to do when SPF or DKIM fails, and where to send reports. All three work as a team; DMARC without SPF and DKIM is incomplete.
Start by reviewing the results from this tool to identify what is missing or misconfigured. Common fixes include adding a DMARC TXT record to your DNS, updating your SPF record to include all legitimate sending services, and enabling DKIM signing in your email platform. If you are unsure, One82 configures and monitors email authentication for professional services firms every day — book a free 15-minute call and we will walk you through it.
Yes, completely free with no signup required. Enter any domain and get instant results for DMARC, SPF, and DKIM records. Use it as often as you need — there is no limit.
Let us handle your email security
Not sure how to fix your DMARC, SPF, or DKIM records? Our team configures and monitors email authentication for professional services firms every day.