Enter a domain name without http:// or www
What We Check
SPF
Specifies which servers can send email for your domain
DMARC
Policy for handling failed authentication
How to Scan Your Domain's DNS Security
- 1
Enter your domain name
Type your domain (e.g. example.com) into the input field. Do not include http://, https://, or www prefixes. The scanner works with root domains and subdomains. - 2
Run the security scan
Click the Scan DNS button to start the analysis. The tool queries public DNS servers for SPF, DKIM, DMARC, MX, and CAA records associated with your domain. - 3
Review your security score
Examine the overall security grade and per-record results. Each record type is checked for correct syntax, proper enforcement levels, and common misconfigurations. - 4
Follow the recommendations
Act on the specific recommendations provided for any missing or misconfigured records. Prioritize adding DMARC enforcement and fixing SPF issues to prevent email spoofing.
Who Uses DNS Security Scanning?
IT Administrators
Email Marketers
Security Auditors
Domain Owners and Webmasters
Why Scan DNS Security?
DNS security scanning is essential for any domain owner who sends email or wants to prevent phishing attacks using their domain name. The DNS Security Scanner analyzes your domain's DNS records to verify that SPF, DKIM, and DMARC are correctly configured. These three protocols form the foundation of modern email authentication and work together to block unauthorized senders from impersonating your domain.
SPF records define which mail servers are authorized to send email on behalf of your domain, while DKIM adds cryptographic signatures that recipients verify to confirm message integrity. DMARC ties these together by telling receiving servers how to handle messages that fail authentication. Without all three properly configured, your domain is vulnerable to spoofing. Use the Email Security Checker to evaluate specific email addresses, or run a DNS Lookup to inspect raw DNS records for any domain.
Beyond email authentication, the scanner also checks MX records for proper mail routing and CAA records that restrict SSL certificate issuance. For a complete security posture assessment, combine DNS scanning with the SSL Certificate Checker to verify your TLS configuration and the Security Headers Analyzer to audit HTTP response headers. Together, these tools give you a comprehensive view of your domain's security readiness.
How It Compares
Unlike many DNS security tools that require account creation or limit free scans to a handful per day, the FindUtils DNS Security Scanner is completely free with no signup required. Commercial platforms such as MXToolbox and Dmarcian offer DNS diagnostics but gate advanced features behind paid plans. Our scanner checks SPF, DKIM, DMARC, MX, and CAA records in a single pass and provides actionable recommendations without any usage restrictions.
For teams that need deeper email authentication monitoring, paid services add historical trend tracking and automated alerting. However, for one-time audits, migration verification, or periodic spot checks, the FindUtils scanner delivers the same core analysis at zero cost. Pair it with the Email Validator for address-level checks or the URL Safety Checker to evaluate domain reputation beyond DNS records.