Email Security Checker
Attackers spoof business domains to phish your staff, customers and suppliers — and weak email records send your legitimate mail to spam. Enter your domain to check SPF, DKIM, DMARC, MTA-STS and TLS-RPT live, get an overall score, and see prioritised, plain-English fixes. Lookups run from your browser using public DNS; nothing is sent to us until you choose to.
Email security score for —
—
Per-check breakdown
Prioritised fixes
Strong result — the core email-security records are all in place. Keep an eye on your DMARC reports and review as your mail setup changes.
Use — Guide
How to use this tool
- Enter the domain you send business email from — for example, yourbusiness.com.au — and press "Check my domain".
- Wait a few seconds while the tool queries public DNS records directly from your browser.
- Read your overall email security score out of 100 and the band — Strong, Needs work, or At risk.
- Review the per-check breakdown: a Pass, Warn or Fail badge for each of SPF, DKIM, DMARC, MTA-STS and TLS-RPT.
- Work through the prioritised fixes list — fails are shown first, then warnings, each with a plain-English action.
- Optionally send your result to Peritus Digital via the contact form for expert help implementing the fixes.
FAQ — Questions
Frequently asked questions
01Is my domain or email data stored when I run a check?
No. The Email Security Checker runs DNS lookups directly from your browser using public DNS-over-HTTPS (Google and Cloudflare). No data is sent to Peritus Digital until you choose to submit the optional contact form at the end.
02What is SPF and why does it matter?
SPF (Sender Policy Framework) is a DNS record that lists the servers allowed to send email as your domain. Without a correct SPF record ending in -all, anyone can send email that appears to come from your domain — enabling phishing and spoofing attacks that deceive your customers, staff and suppliers.
03What is DMARC and why isn't SPF alone enough?
DMARC tells receiving mail servers what to do when an email fails SPF or DKIM — quarantine it or reject it outright. SPF alone can be bypassed using header-spoofing tricks; DMARC closes that gap. A DMARC policy of p=reject is the strongest protection against domain spoofing.
04What is MTA-STS and do I need it?
MTA-STS (Mail Transfer Agent Strict Transport Security) forces inbound email to be delivered over encrypted TLS connections, preventing downgrade attacks and man-in-the-middle interception. It's increasingly expected alongside DMARC and SPF for businesses handling sensitive client communication.
More — Keep exploring
Related free tools
Want hands-on help, not just a check? Explore ourCyber Security service.
Let’s close these gaps
These gaps leave you exposed — let’s close them.
Our Newcastle team implements the fixes identified above — configuring SPF, DKIM, DMARC and MTA-STS the right way and moving DMARC safely to enforcement without disrupting legitimate mail. Most gaps can be closed in a single session. Send your result through and we’ll come back with clear next steps.
Prefer to talk? Call 02 4081 9500.
