3,932 Australian domains analysed. Most fail basic email authentication. [2026 Report]
Free instant analysis

DMARC Checker & Domain Scanner

Scan your domain with DMARC Busta's Domain Tester and learn about any issues with DMARC, SPF and DKIM records.

Check your email security now

No login required Instant results 100% Free
Overall result
DMARC Policy:
Score of 10

Trusted by Australian IT teams
· 3,900+ domains analysed · Free forever — no credit card

Free forever · No credit card · 30 second setup

Or get your full detailed report by email

Report sent! Check your inbox.
Want to verify these work in practice? Send a test email →
Or

Not technical? We'll handle it.

Our Australian team will set up and manage your email security — you don't need to touch a thing.

Full setup and ongoing management
Monthly plain-English report
No technical knowledge required

From $25/month per domain

We'll call you within 1 business day · Australian-based support

Thanks !

We'll call you within 1 business day.

Your scan results have been saved.

Australian-Built & Operated
AI-Powered Analysis
Fix Issues Automatically
Free Forever Plan

What DMARC Busta checks and fixes for you

DMARC Protection

Protect your domain from spoofing and phishing attacks with proper DMARC configuration.

SPF Validation

Ensure your SPF records are correctly configured to authorize legitimate email senders.

DKIM Signing

Verify email authenticity with DKIM signatures to build trust with recipients.

Get Started Free

What is Email Authentication?

Three DNS protocols that verify whether an email genuinely comes from the domain it claims

Email authentication is a set of protocols that verify whether an email genuinely comes from the domain it claims to be sent from. Three protocols work together to protect your domain: DMARC (Domain-based Message Authentication, Reporting and Conformance), SPF (Sender Policy Framework), and DKIM (DomainKeys Identified Mail).

SPF specifies which mail servers are authorised to send email on behalf of your domain. DKIM adds a cryptographic signature to each message, allowing receiving servers to verify the email has not been tampered with in transit. DMARC ties SPF and DKIM together by telling receiving servers what to do when authentication fails — and provides reporting so you can monitor who is sending email as your organisation.

Without proper email authentication, your domain is vulnerable to spoofing and phishing attacks. Attackers can send emails that appear to come from your organisation, damaging your brand reputation and putting your customers at risk. Beyond security, poor authentication directly impacts email deliverability — legitimate emails from your domain may land in spam folders or be rejected entirely because receiving servers cannot verify their authenticity.

Example DMARC Record
v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100

How It Works Together

1
SPF checks the sending server is authorised
2
DKIM verifies message integrity via signature
3
DMARC checks alignment and applies policy
4
Failing emails are rejected, quarantined, or reported

What This Scanner Checks

A comprehensive analysis of your email authentication setup across all three protocols

DMARC Record and Policy Strength

Checks whether a valid DMARC record exists in your DNS and evaluates the enforcement policy. A policy of p=none only monitors, while p=reject provides full protection against spoofing.

SPF Record Validity and DNS Lookups

Verifies that your SPF record is syntactically correct and counts the number of DNS lookups it requires. The SPF specification limits records to 10 DNS lookups — exceeding this causes authentication failures for all your outbound email.

DKIM Key Presence and Configuration

Checks for DKIM records on common selectors and verifies the key configuration. Properly configured DKIM ensures receiving servers can validate the integrity and authenticity of your emails.

Overall Security Scoring

Each protocol is scored individually and combined into an overall security rating out of 100. This gives you a clear picture of where your domain stands and what needs attention.

How to Fix Common Issues

Actionable fixes for the most frequent email authentication problems we detect

No DMARC Record Found

Your domain has no DMARC record, leaving it completely vulnerable to email spoofing. You need to add a TXT record at _dmarc.yourdomain.com.

Fix: Start with a monitoring policy to collect data before enforcing. Use our DMARC Generator to create the correct record.

Or let DMARC Busta set this up automatically

SPF Record Has Too Many DNS Lookups

Each include:, a:, mx:, and redirect: mechanism counts as a DNS lookup, and nested includes count too.

Fix: Consolidate redundant includes, replace mechanisms with direct IP ranges, or use SPF flattening to reduce your count below 10. Check your current record with our SPF Checker.

DMARC Busta's Autopilot flattens and manages your SPF automatically

DKIM Not Configured

Fix: DKIM requires generating a public/private key pair and publishing the public key in your DNS. Most email providers (Google Workspace, Microsoft 365, Mailgun) provide DKIM keys that you add as CNAME or TXT records. Our DKIM Generator can help you create the correct records.

Need help? Our DKIM setup guides walk you through it

DMARC Policy Set to None

p=none
Monitor only
p=quarantine
Send to spam
p=reject
Full protection

Fix: Progress from p=none to p=quarantine and finally p=reject. This progression typically takes 4 to 8 weeks when done carefully.

DMARC Busta safely progresses your policy to reject automatically

Autopilot Mode — DMARC Busta monitors your email authentication continuously, progresses your DMARC policy safely, and automatically repairs common issues before they affect your email delivery.

Start Free

Frequently Asked Questions

Is this domain scan free?
Yes, this domain scanner is completely free to use with no limitations. You do not need to create an account or provide any personal information. Simply enter your domain name and receive a full email authentication analysis instantly.
What score should I aim for?
A score of 100 out of 100 means all three protocols — DMARC, SPF, and DKIM — are properly configured and working together. Your primary goal should be getting your DMARC policy to p=reject, which provides the strongest protection against email spoofing. Even a score of 70 or above indicates a solid foundation, but anything below that leaves significant gaps in your email security.
How often should I scan my domain?
You should scan your domain regularly, especially after making any DNS changes, adding new email sending services, or updating your mail server configuration. DNS records can be accidentally modified or overwritten during migrations. DMARC Busta provides continuous monitoring for registered domains, automatically alerting you if your email authentication configuration changes or degrades.
What does a failing DMARC check mean?
A failing DMARC check means your domain does not have a valid DMARC record or the existing policy is not providing protection. Without DMARC, anyone on the internet can send emails that appear to come from your domain. This makes your organisation a target for phishing attacks, damages your brand reputation, and can lead to your legitimate emails being treated with suspicion by receiving mail servers.

Related Tools

More free tools to secure your email authentication

SPF Checker

Validate your SPF record and count DNS lookups.

DMARC Generator

Create a valid DMARC record for your domain.

Domain Health

Full health check across all email protocols.

DKIM Generator

Generate DKIM keys and DNS records.

Want Automated Email Security?

Stop manually managing DNS records across dozens of domains. DMARC Busta monitors your email authentication continuously and fixes issues automatically with AI-powered Autopilot.

Get Started Free

Get Your Email Security Report

We'll send a detailed DMARC, SPF & DKIM analysis to your inbox.