v2digga

Email

Free Email Security Check

Check a domain email security in one view. digga analyzes SPF, DKIM, DMARC, MTA-STS, TLS-RPT, and BIMI and shows how well the domain resists spoofing.

Apex, subdomain, or URL. We figure it out.

Trygoogle.comwikipedia.orggithub.comvercel.comcloudflare.comopenai.com

What you get

Everything in one report.

  • 01

    SPF with limit check

    The SPF record is parsed and validated against the ten DNS lookup limit, a common reason SPF silently breaks.

  • 02

    DMARC policy and enforcement

    See whether DMARC is set to none, quarantine, or reject, and whether it is actually enforcing or only monitoring.

  • 03

    DKIM, MTA-STS, and more

    DKIM selectors, MTA-STS, TLS-RPT, and BIMI are all surfaced so you can see the full posture in one place.

  • 04

    A plain verdict

    digga turns the records into a clear read on how well the domain resists spoofing, and flags common misconfigurations.

What is an email security check?

An email security check reads the DNS based policies that decide whether a message claiming to come from a domain is genuine. SPF, DKIM, and DMARC together stop attackers from spoofing a domain to send phishing or fraud. digga inspects all of them, plus MTA-STS, TLS-RPT, and BIMI, and turns the result into a clear picture of how well the domain is protected.

SPF, DKIM, and DMARC explained

SPF lists the servers allowed to send mail for a domain. DKIM signs each message with a cryptographic key so receivers can verify it was not altered. DMARC ties the two together, tells receivers whether to quarantine or reject mail that fails, and enables reporting. A domain needs all three configured correctly to meaningfully resist spoofing. digga checks each one and explains what is missing.

MTA-STS, TLS-RPT, and BIMI

MTA-STS tells sending servers to require encrypted, authenticated delivery, closing a downgrade attack on email in transit. TLS-RPT collects reports about delivery failures so you can spot problems. BIMI lets a domain display its logo in supporting inboxes once DMARC is enforcing. These records round out a strong email setup, and digga reports on each.

Why email authentication matters

Email spoofing is one of the most common vectors for phishing, invoice fraud, and brand abuse. A domain with weak or missing SPF, DKIM, and DMARC can be impersonated by anyone. Getting these records right protects your recipients, improves deliverability to the inbox, and is increasingly required by major mailbox providers.

Keep digging

Related tools.

DNS LookupWHOIS LookupSSL and TLS Certificate Checker

FAQ

Questions, answered.

Is this email security check free?
Yes, completely free with no signup. digga is open source under AGPL 3.0.
What does the email check analyze?
SPF, DKIM, DMARC, MTA-STS, TLS-RPT, and BIMI for any domain, with the SPF record validated against the ten DNS lookup limit.
What does a strong SPF and DMARC setup look like?
A valid SPF record within the ten lookup limit, DKIM signing in place, and a DMARC policy set to quarantine or reject rather than none, so failing mail is actually rejected.
What is the SPF ten lookup limit?
SPF allows at most ten DNS lookups while evaluating a record. Exceed it and SPF fails with a permerror, so digga checks your record against the limit.
Does a passing check mean my domain cannot be spoofed?
It means the published policies are strong, which is most of the battle. Real protection also depends on DMARC being enforced and on the receiving server honoring these records.
Can I check SPF and DMARC for a subdomain?
Yes. Enter a subdomain and digga evaluates the records that apply to it.

Ready to dig?

Enter a domain to run the email security check now.

Apex, subdomain, or URL. We figure it out.