Log in
CaptainDNS

Propagation & diagnostics

Compare resolvers worldwide and inspect returned answers.

Email authentication

Tools to verify and validate your email authentication setup.

SPF syntax validator

Review include chains and DNS query limits before publishing changes.

SPF record inspector

Resolve the published TXT record, flag lookup limits and decode each mechanism.

DKIM syntax validator

Quickly check the syntax of your DKIM records.

DKIM record check

Resolve a selector and analyse the published DKIM TXT record.

DMARC syntax validator

Check rua/ruf destinations, alignment modes and the active policy before publishing.

DMARC record inspector

Resolve the published policy, surface diagnostics and confirm enforcement before switching to reject.

BIMI syntax validator

Validate BIMI tags, the logo fetch and the VMC certificate before publishing.

BIMI record inspector

Resolve the published BIMI record, inspect logo and VMC diagnostics in one place.

Email deliverability audit

Audit MX, SPF, DKIM and DMARC to confirm a domain is ready to send.

Mail header analyzer

Decode participants, authentication results and routing from raw headers.

DMARC record generator

Create compliant DMARC records with all policy and reporting options.

Text

Transform, encode and measure your content in seconds.

Text case converter

Convert any block of text to upper or lower case instantly.

Base64 encoder / decoder

Encode or decode any content in Base64 without leaving the browser.

Slug generator

Transform any sentence into an SEO-friendly slug in seconds.

Word & character counter

Measure the length of any text, with instant word and character counts.

Images

Preview and validate your BIMI logos before publishing.

BIMI logo lookup

Inspect a BIMI logo URL—format, metadata and live rendering—before rollout.

Certificates

Inspect CSRs, BIMI logos and VMC certificates before you deploy.

CSR parser

Inspect a CSR, extract subject details, fingerprints and requested SANs.

VMC inspector

Inspect a Verified Mark Certificate—issuer, validity and SAN coverage—before you publish BIMI.

IP

Look up addresses, owners, reverse records and ranges.

Reverse lookup

Resolve a PTR record and validate DNS consistency.

IP WhoIs

Identify the owner of an IP range and its contacts.

IPv4 netmask

Calculate network, broadcast and usable hosts for any IPv4 block.

My IP address

Detect your IPv4/IPv6 addresses and their geolocation.

DMARC record inspector

How to properly use the DMARC inspector

Check the policy that recipients actually read before tightening enforcement. The tool queries _dmarc.<domain>, interprets each tag and highlights alerts returned by the API.

Prepare the domain

Enter the organisational domain exactly as it appears in email addresses. The inspector automatically adds _dmarc, follows any CNAME and collects all TXT responses.

Read the badges

Each policy receives a badge showing status, alignment modes, applied percentage and rua/ruf addresses. Errors mean the policy is ignored, warnings point to risky settings.

Compare responses

Resolver, latency and any DoH endpoint let you confirm propagation or identify a local DNS issue. Keep before/after snapshots to document your changes.

After the check

Archive the analysis with your change log. Complement it with the DMARC syntax validator, SPF and DKIM inspectors to validate the entire authentication chain before enabling reject.

Why use this DMARC inspector?

Check before sending that your DMARC record is readable and usable.
The tool queries _dmarc.domain, reads the returned TXT, highlights missing or invalid tags and explains the real effect of the policy. You save time and avoid iterations during production deployment.

DMARC in brief

DMARC links SPF and DKIM results to the domain visible in From. If SPF or DKIM passes and is aligned with From, the message is compliant. The p= tag indicates what to do otherwise observation, quarantine or reject. The rua and ruf tags send reports to guide progressive tightening.

Instructions

  1. Enter the domain to test.
  2. Click Inspect DMARC.
  3. Read the summary and detailed sections. Errors block enforcement. Warnings point to risks or practices to improve.
  4. Publish a corrected version then run another check.

What the inspector checks

DMARC TXT

  • Existence of a single TXT record on _dmarc.domain.
  • Presence and order of essential tags v=DMARC1 and p=.
  • Absence of CNAME. DMARC must be a direct TXT.
  • Reasonable size and readable TTL.

Policy and subdomains

  • p= none, quarantine or reject and operational impact.
  • sp= if present, policy applied to subdomains otherwise inherits from p.
  • pct= percentage of policy enforcement.

Alignments

  • adkim= and aspf= in r for relaxed by default or s for strict.
  • Explanation of alignment with From for SPF and DKIM.

Reports

  • rua= valid mailto: addresses, multiple allowed separated by commas.
  • ruf= optional, rarely distributed by operators.
  • Detection of external addresses and reminder of required authorization via _report._dmarc on recipient domain.
  • ri= interval of aggregate reports.

Failure options

  • fo= 0 by default, variants 1, d, s explained and recommended usage.

Common errors

  • Two DMARC records on the same name.
  • rua or ruf without mailto: prefix.
  • Policy p=none left in production too long.
  • Strict alignment enabled while legitimate flows are not ready.
  • External report address without _report._dmarc authorization.
  • Confusion between pct enforcement and ri report frequency.

Best practices

  • Start with p=none with active rua to observe.
  • Move to p=quarantine with progressive pct then to p=reject once false positives are eliminated.
  • Keep adkim and aspf in r initially, consider s when everything is stabilized.
  • Define sp if your subdomains send differently.
  • Keep a change log date, previous and new value, reason, TTL.

Quick troubleshooting

  • No record on _dmarc.domain publish a minimal TXT with v and p.
  • No reports received check rua, external authorization if applicable and mailbox-side filters.
  • Unexpected rejects lower pct or temporarily return to p=quarantine, fix flow alignment, retry.
  • Regional differences account for TTL and caches.