What does a domain health check test?
It performs live DNS lookups against your domain and inspects six key email authentication standards: SPF (which IP addresses may send on your behalf), DKIM (cryptographic message signing), DMARC (policy for failing messages), MTA-STS (encrypted transport enforcement), BIMI (brand logo in inboxes), and TLS-RPT (transport security reporting).
Why do I need SPF, DKIM, and DMARC together?
Each standard handles a different attack vector. SPF restricts which servers may send for your domain. DKIM cryptographically signs messages. DMARC ties the two together and tells receiving servers what to do when both fail. Without all three, spoofers can impersonate your domain and your legitimate mail is more likely to land in spam.
How often should I check my domain's email health?
Run a check at least quarterly, and immediately after any DNS change, mail server migration, or when adding a new sending service. Each new sender needs its own SPF include and DKIM key.
