Why email authentication matters
Email is still the number-one way attackers get into organizations. If your domain doesn't publish the right DNS records, anyone can forge messages that appear to come from you, to your customers, your staff, or your suppliers. The three records that stop this are SPF, DKIM, and DMARC.
SPF (Sender Policy Framework) lists which mail servers are allowed to send email for your domain. Without it, or with a misconfigured ~all instead of a stricter policy, receiving servers have no reliable way to reject forgeries.
DKIM (DomainKeys Identified Mail) attaches a cryptographic signature to every message, proving it really came from your domain and wasn't tampered with in transit. A missing DKIM selector means recipients can't verify authenticity.
DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together and tells receivers what to do with messages that fail, monitor, quarantine, or reject. A domain with p=none is only watching; p=rejectactually blocks spoofed mail. DMARC also delivers reports so you can see who's sending as you.
This free checker queries your domain's DNS and grades all three. It's the same email module that runs inside the full NEL VEIL assessment, which also checks TLS, security headers, exposed services, subdomains, breach exposure, and more across 17 modules, then maps the results to a 0-100 Veil Posture Score. If email security is a gap, our identity-verified professionals can fix it with a fixed-price Email Security Hardening engagement, including the DNS changes and a verification re-scan.