Test Your Email Authentication

Q: What does SPF passes but DMARC fails mean?

It means SPF authorised the sending IP, but the domain it authorised is not the same as the visible From: domain. This is the third-party sender problem: a marketing tool sends from mail.someoneelse.com on your behalf, SPF passes against their domain, but DMARC requires the SPF-authenticated domain to align with your From: domain.

Send a real email and see if your DMARC, SPF, and DKIM are actually working — not just configured

Check your email authentication

Send an email from your business account to:

Subject and body don't matter. Just send any email.

Link expires in minutes

Why send an email?

DNS scanners check if your records exist. This tool checks if they actually work when a real email is sent from your server. Your SPF record might be perfect in DNS but your mail server might not be aligned. The only way to know is to test with a real email.

Email Authentication Score

Email from

Live Test Results

DNS Records

Mail Servers (MX)

Additional Protocols

BIMI

MTA-STS

TLS-RPT

Recommendations

Monitor & Fix Automatically →

Free forever · No credit card · 30 second setup

← Full DNS scan | Test another email →

This test link has expired.

Start a New Test →

What This Email Authentication Tester Checks

A real receiving mailbox processes your test email exactly the way Gmail or Outlook would — this tool just shows you the result

Most "email authentication" checks just look at your DNS records. That tells you whether you have published a DMARC record, an SPF record, and a DKIM key — but not whether they actually work for the email you send.

This tester is different: you send a real email from your real mail server, and a real inbox at dmarcbusta.pro receives it, runs the same SPF, DKIM, and DMARC checks Gmail and Outlook do, and reports back whether each one passed, failed, or was misconfigured. If the checks pass here, they will pass in production. If they fail, the report tells you exactly which mechanism broke.

The most common failure pattern is "SPF passes but DMARC fails" — usually a third-party sending service (CRM, marketing tool, transactional email API) authenticated against its own domain rather than yours, so the DMARC alignment check fails even though SPF technically passed. The Authentication-Results breakdown will show you exactly that.

Three Checks, One Email

SPF Did the sending IP appear in your SPF record?

DKIM Did the cryptographic signature on the message verify?

DMARC Did at least one of SPF/DKIM pass and align with the From: domain?

Related Tools

If the test fails, jump straight to the underlying record check

DMARC Checker

Look up your DMARC record and validate the policy.

SPF Checker

Validate SPF and view the DNS lookup tree.

DKIM Checker

Validate DKIM keys and check signature strength.

Header Analyzer

Paste raw email headers to dig deeper into auth results.

Frequently Asked Questions

How do I test my email authentication?

Send a test email from your normal sending mailbox to the unique address shown above. Our receiving server will perform real SPF, DKIM, and DMARC checks against your message and report back the results within seconds. The address is single-use and tied to this browser session, so results are private to you.

Why does this matter when I already have DMARC, SPF, and DKIM records?

Having the records is half the story. The other half is whether your sending services actually use them properly — signing with the right key, sending from the right IPs, and aligning the From: domain with what gets authenticated. Many domains have technically valid records but still fail real-world authentication because of misconfigured third-party senders. This tester catches that.

What does "SPF passes but DMARC fails" mean?

It means SPF authorised the sending IP — but the domain it authorised is not the same as the visible From: domain. This is the classic third-party sender problem: a marketing tool sends from mail.someoneelse.com on your behalf, SPF passes against their domain, but DMARC requires the SPF-authenticated domain to align with your From: domain. Fix it by configuring the sender to use a custom Return-Path on your domain.

Is this email authentication tester free?

Yes, completely free, no signup. Each test gets a unique address, the result is shown live, and you can save a permanent report link if you want to share the findings with your team or email provider.

One Test Today — or Continuous Monitoring

This tester catches problems at one moment in time. DMARC Busta watches every domain you manage continuously, ingests aggregate reports, and alerts you the day a sender breaks — not the week customers complain.

Get Started Free