Check and validate DMARC, SPF, and DKIM

Use Red Sift's free Investigate tool to check if your DMARC, SPF, DKIM, and other important email security protocols are set up correctly, and get actionable steps on how to fix them, if applicable.

1. Send an email

Simply send an email to the address below from the sending service you wish to check - don’t worry about putting anything in the body of the email.

I have read and accepted the Terms and Conditions, privacy and cookie policies and consent to receive Red Sift communications.

2. Get the results

After sending your email, check the box below to reveal the Investigate dashboard and your results for DMARC and BIMI.

Frequently Asked Questions

What is Investigate?

Investigate is a free tool that checks if your DMARC, DKIM, SPF, and other important email security protocols are set up correctly. If it discovers that anything is broken or misconfigured, it will provide actionable steps and guidance for you to resolve any issues.

Who can use Investigate?

Simply put, anyone! Investigate is useful for those who are just curious about their email setup and want to learn more, as well as businesses who are actively working on projects to improve their email configuration. This is because the tool provides an easy-to-digest overview of your evolving setup in an instant. 

Without a tool like Investigate, you would have to wait up to 24 hours for a DMARC report to arrive that would show you if the changes you made had the desired outcome. This is a time-consuming and tedious process. Speed is of the essence for businesses working on email security projects such as DMARC, as the faster they can secure their email, the better. The instant visibility Investigate provides drastically reduces the time needed to check up on your evolving setup and speeds up the time needed until full protection is reached.

This version of Investigate is a free tool that we provide for businesses to quickly check their email configuration. It is based on the full Investigate feature that is included inside Red Sift’s OnDMARC application that protects business email. 

What protocols does Investigate check and validate and why does it matter?

Investigate checks DMARC, SPF, DKIM, FCrDNS, TLS, BIMI, and MTA-STS. Whilst each security protocol has a specific mission, the more boxes you tick for your email, the lower the risk to both you and those that you communicate with. Think of it as a security scorecard for your domain. With Investigate’s speedy checks, you can confidently achieve full marks and get to full protection (p=reject) faster.

See the following FAQs for a definition of each protocol that Investigate checks and validates.

Why check my DMARC record?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a standard that stops bad actors from using your domain to send emails without your permission. Without a DMARC record in place, anyone can impersonate your domain and use it to potentially launch phishing attacks.

Why check my SPF record?

SPF (Sender Policy Framework) validates that your server is authorized to send emails on behalf of the domain it claims to be sent from so the recipient knows you are who you say you are.

Why check my DKIM record?

DKIM (Domain Keys Identified Mail) is a signal for the receiving inbox that your email is digitally signed by the domain it came from, confirming that the email content has not been tampered with along the way.

FCrDNS (Forward-confirmed reverse DNS)

This is a strong indicator of your deliverability. If not set up properly, emails are more likely to end up in spam.

TLS (Transport Layer Security)

This signal verifies that the contents of your email can’t easily be snooped on by people who are not your intended recipients.

BIMI (Brand Indicators for Message Identification)

A signal that displays validated trademarked logos for all DMARC authenticated emails.

MTA-STS (Mail Transfer Agent Strict Transport Security)

This is a standard that enables the encryption of messages being sent between two mail servers.

Why does Investigate need you to send it an email?

Investigate is only able to provide an overview of your email setup if you agree to send a test email to its unique inbox. This is because Investigate needs to test your specific email-sending service and its authenticity by checking email sending and receiving infrastructure and the email message encryption status.

If it were to carry out a static evaluation based only on your domain name, Investigate would not be able to produce the same results as the domain might be sending from Marketo, Gmail, SFDC, or Outlook.

Want to get started?

Just scroll back to the top of this page, copy and paste the unique email address we provide, and send it an email from the sending service you wish to check. In just a few seconds, we’ll provide a full breakdown of your email setup and will also email you a copy of your results.

What happens if Investigate uncovers errors I can’t fix?

If Investigate detects errors in your email configuration, it will provide guidance on how to fix these. However, should you need any further assistance with this, Red Sift is here to help you! Just reach out to us and we’ll be happy to help you.

LinkedInInstagramTwitter