3 free tools for quick email security testing

Published on: December 1, 2025

TL;DR: Red Sift offers free tools to test your email security setup and identify gaps:

Main free tools:

Key benefits:

  • Get instant, actionable feedback on what's broken and how to fix it
  • Real-time testing means you don't have to wait 24 hours for DMARC reports
  • Free tools provide enterprise-grade analysis without registration
  • Helps organizations understand their email authentication posture and plan DMARC implementation

These tools help close security gaps by revealing misconfigurations before attackers can exploit them, serving as both diagnostic tools and entry points to Red Sift's full OnDMARC platform.

Why do you need to run these checks?

Attackers can iterate faster than email programs do, especially in the age of AI. With most domains still at a DMARC policy of p=none, the door remains open for bad actors.

Don’t fall behind the curve: in minutes, review your email authentication setup, spot misalignment and see if you’re BIMI ready. Use our checks below to turn posture into a prioritised to-do list.

Run our 3 free checks: Red Sift Investigate, SPF Checker, and BIMI Checker. No sign-up needed. Each tool gives you a detailed breakdown so you can take action:

  • Investigate. Submit your email domain and get an instant review of your DMARC record plus key controls: SPF, DKIM and BIMI. You see what’s present, what’s missing, and priority fixes. Use it first on your primary domain and any sending subdomains.
  • SPF Checker. Map and expand your SPF to see includes, mechanisms and lookup counts. It flags risky patterns tied to SubdoMailing and poisoned includes, so you can remove legacy services and keep lookups in check.
  • BIMI Checker. Test if you’re BIMI-ready based on your public DMARC posture and BIMI setup. You’ll get clear pointers on policy, SVG and certificate requirements to enable your organisation’s logo in supported inboxes like Apple Mail (via supporting providers), Google, Yahoo, Fastmail, Zoho and web.de, among others. Check the full list here.

Why this matters now

Only 5.6% of the 73.9M domains we track are at DMARC enforcement (p=reject), while 11% are stuck at report-only. That gap keeps spoofing risk high and incident response noisy.

Without a published DMARC record at p=reject, spoofing risk stays high and incident response gets harder. Weak SPF or DKIM creates noisy failures and can block legitimate mail. A quick pass with these tools surfaces the obvious fixes so you can move toward enforcement with confidence.

4 steps to securing your email

  1. Run Investigate on your main domain and sending subdomains. Note DMARC policy (none, quarantine, reject) and any misalignment or errors.
  2. Check your SPF setup with our SPF Checker. Remove unused services, replace risky or poisoned includes, and keep DNS lookups within limits (aim for ≤10).
  3. Check BIMI readiness. Use BIMI Checker to confirm policy posture and spot SVG/VMC gaps.
  4. Get next steps support from Red Sift. Book a demo to understand how our team can support your needs.

What good looks like

  • DMARC at enforcement once senders align (if you’re at quarantine, move to reject); for BIMI, a policy of either p=quarantine or p=reject is required.
  • SPF with lookup counts controlled (≤10) and no poisoned includes. Dynamic SPF helps you stay compliant with the 10 lookup limit by automatically optimizing your record through Red Sift OnDMARC.
  • Ensure all active sources use DKIM so signatures survive forwarding where possible and alignment can hold.
  • BIMI-ready assets (correct record, SVG and VMC when required) so your logo displays in supported inboxes.
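
The SPF lookup budget from step 2 and the DMARC/BIMI policy requirement above can be checked offline. This is an added example, not Red Sift's code or tooling: the records in ZONE and the function names are constructed for illustration, and the lookup-counting rule follows RFC 7208 section 4.6.4.

```python
# Added example: offline SPF lookup counter and DMARC policy check.
# Every record below is a constructed sample, not real DNS data.
LOOKUP_MECHS = ("include", "a", "mx", "ptr", "exists")  # each costs one DNS lookup

ZONE = {
    "example.test": "v=spf1 mx a include:_spf.mailer.test "
                    "include:old-crm.test ip4:192.0.2.0/24 ~all",
    "_spf.mailer.test": "v=spf1 include:eu.mailer.test include:us.mailer.test -all",
    "eu.mailer.test": "v=spf1 ip4:198.51.100.0/24 -all",
    "us.mailer.test": "v=spf1 a mx exists:%{i}.rbl.mailer.test -all",
    # old-crm.test deliberately has no record: a leftover legacy include
}

def spf_audit(domain, zone, path=()):
    """Return (dns_lookup_count, unresolved_includes) for a domain's SPF."""
    if domain in path:                      # include loop: stop expanding
        return 0, []
    record = zone.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return 0, [domain]                  # include target publishes no SPF
    count, unresolved = 0, []
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")          # drop the qualifier
        if term.lower().startswith("redirect="):
            name, target = "include", term.split("=", 1)[1]
        else:
            name, _, target = term.partition(":")
            name = name.split("/")[0].lower()   # "a/24" -> "a"
        if name not in LOOKUP_MECHS:
            continue                        # ip4, ip6 and all cost nothing
        count += 1
        if name == "include":               # nested records spend the same budget
            sub, missing = spf_audit(target, zone, path + (domain,))
            count += sub
            unresolved += missing
    return count, unresolved

def dmarc_policy(record):
    """Return the lowercased p= tag of a DMARC TXT record, or None."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    if tags.get("v", "").strip() != "DMARC1":
        return None
    return tags.get("p", "").strip().lower() or None

def bimi_policy_ok(policy):
    """BIMI needs DMARC at quarantine or reject, as stated above."""
    return policy in ("quarantine", "reject")

if __name__ == "__main__":
    lookups, missing = spf_audit("example.test", ZONE)
    print(f"lookups={lookups}/10 unresolved_includes={missing}")
    print("BIMI policy ok:", bimi_policy_ok(dmarc_policy("v=DMARC1; p=none")))
```

The sample domain spends 9 of its 10 lookups, and one of them goes to an include that no longer resolves, which is the kind of legacy entry step 2 says to remove.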

Every week without enforcement is another week of spoofable mail and noisy incidents. Run these checks now to turn results into a concrete enforcement plan with measurable milestones.
