Investigate

Check your DMARC record and other essential protocols

Use Red Sift’s Investigate tool to perform a DMARC record check and see if your DKIM, SPF, and BIMI protocols are correctly set up.

How does it work?
1. Send us an email
2. Wait a few moments
3. Get your results
Scroll down to find out more about Investigate
1. Send us an email
Scroll down to find out more about Investigate

What is Investigate?

Investigate is a free DMARC checker that looks up your DMARC records. Uniquely, it also comprehensively checks that DKIM, SPF, BIMI, and other important email security protocols are set up correctly. If it discovers that anything is broken or misconfigured, it provides actionable steps and guidance for you to resolve any issues.

Why does Investigate need you to send it an email?

Investigate is only able to provide an overview of your email setup if you agree to send a test email to its unique inbox. This is because Investigate needs to test your specific email-sending service and its authenticity by checking email sending and receiving infrastructure and the email message encryption status. This is called a dynamic check.

If it were to carry out a static evaluation based only on your domain name, Investigate would not be able to produce the same results as the domain might be sending from Marketo, Gmail, Salesforce, or Outlook.

Can Investigate help me get ready for Microsoft, Google, and Yahoo's bulk sender requirements?

Yes! In under a minute, Red Sift’s Investigate tool performs a dynamic, real-time check on your email-sending service to determine if your email setup is ready for the bulk sender/high volume requirements from Microsoft, Google and Yahoo.

A dynamic check allows us to accurately check the following attributes: if your server has FCrDNS correctly set up which is crucial for email delivery, if you are using opportunistic TLS on delivery for secure communications, the alignment between DKIM and SPF, and the validity of the DKIM key. All of these checks are crucial for Google and Yahoo’s bulk sender requirements.

What protocols does Investigate check and validate and why does it matter?

Investigate checks DMARC, SPF, DKIM, FCrDNS, TLS, BIMI, and MTA-STS. Whilst each security protocol has a specific mission, the more boxes you tick for your email, the lower the risk to both you and those that you communicate with. Think of it as a security scorecard for your domain. With Investigate’s speedy checks, you can confidently achieve full marks and get to full protection (p=reject) faster.

FAQs

Why check my DMARC record?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a standard that stops bad actors from using your domain to send emails without your permission. Without a DMARC record in place, anyone can impersonate your domain and use it to potentially launch phishing attacks.

Investigate’s unique DMARC record check will enable you to test your email domain to address these potential risks. Should Investigate uncover that you have issues with your DMARC record - for example, it might be missing, or your policy might be at 'none' - then these are problems you can solve with our automated DMARC application, Red Sift OnDMARC.

Why check my DKIM record?

DKIM (Domain Keys Identified Mail) is a signal for the receiving inbox that your email is digitally signed by the domain it came from, confirming that the email content has not been tampered with along the way.

Why check my SPF record?

Checking your SPF (Sender Policy Framework) record helps ensure that only authorized servers can send emails on your behalf, reducing the risk of email spoofing and improving deliverability.

What is BIMI (Brand Indicators for Message Identification)?

BIMI displays validated trademarked logos for all DMARC authenticated emails.

What is MTA-STS (Mail Transfer Agent Strict Transport Security)?

MTA-STS enables the encryption of messages being sent between two mail servers.

What is FCrDNS (Forward-confirmed reverse DNS)?

FCrDNS is a strong indicator of your deliverability. If not set up properly, emails are more likely to end up in spam.

What is TLS (Transport Layer Security)?

TLS verifies that the contents of your email can’t easily be snooped on by people who are not your intended recipients.

What happens if Investigate uncovers errors I can’t fix?

If Investigate detects errors in your email configuration, it will provide guidance on how to fix these. You can also utilize our extensive guides and knowledge base for guidance on how to fix any DMARC, SPF, or DKIM issues. 

However, should you need any further assistance with this, Red Sift is here to help you! Just reach out to us and we’ll be happy to help you.

Who can use Investigate?

Investigate is useful for those who are just curious about their email setup (including checking DMARC records) and want to learn more, as well as businesses who are actively working on projects to improve their email configuration. This is because the tool provides an easy-to-digest overview of your evolving setup in an instant. 

Without a tool like Investigate, you would have to wait up to 24 hours for a DMARC report to arrive that would show you if the changes you made had the desired outcome. This is a time-consuming and tedious process. Speed is of the essence for businesses working on email security projects such as DMARC, as the faster they can secure their email, the better. The instant visibility Investigate provides drastically reduces the time needed to check up on your evolving setup and speeds up the time needed until full protection is reached.

This version of Investigate is a free tool that we provide for businesses to quickly check their email configuration. It is based on the full Investigate feature that is included inside Red Sift’s OnDMARC application that protects business email. 

Want to learn more about OnDMARC?

Once you've used our free Investigate tool and have a clearer view of your organization’s email security health, you might consider signing up for OnDMARC's 14-day free trial. OnDMARC is an automated DMARC application that helps businesses protect themselves from phishing and BEC attacks by helping them configure their email security. By using the trial, you’ll be able to:

  • Access the full version of Investigate
  • Fully configure your SPF and DKIM records
  • Start DMARC reporting and get visibility of your email traffic continuously 
  • Begin your journey to full DMARC compliance

Learn more about Red Sift OnDMARC.

Looking up SPF, DKIM and DMARC records in DNS (using the command line and terminal)

DMARC records (that are published in a domain's DNS) are essential for email security. They prevent email spoofing by specifying how to handle emails failing SPF or DKIM checks. These TXT records define actions for unauthenticated emails and provide feedback on their domain's email authenticity, thereby reducing phishing risks and enhancing email deliverability.

The table below shows the commands used in Windows Command Line and Mac OS Terminal to query for the SPF, DKIM and DMARC records for a particular domain.

Follow the instructions below and substitute the words selector and domain with the corresponding DKIM selector and domain you would like to look up.

Example 1. Querying the SPF record for google.com using nslookup.

  • nslookup -type=txt google.com 

Example 2. Querying the DKIM key for ondmarc.com using dig. You will have to know the DKIM selector - "google" in our case - being used in order to query for the DKIM key.

  • dig txt google._domainkey.ondmarc.com 

Example 3. Querying the DMARC record for google.com using nslookup.

  • nslookup - type=txt _dmarc.google.com

Record

Windows Command Line

Mac OS Terminal

SPF

nslookup  -type=txt domain
dig txt domain

DKIM

>nslookup 
>set q=txt
>selector._domainkey.domain
dig txt selector._domainkey.domain

DMARC

nslookup -type=txt 
 _dmarc.domain
dig txt _dmarc.domain
Expand to full-size with the blue expand button above the table