What does DMARC p=none mean and is it safe to leave it there?

p=none is monitoring mode. Receivers log failures and send you reports but still deliver the mail. It is fine to start there, but it gives zero protection against spoofing. Once SPF and DKIM are passing reliably, move to p=quarantine or p=reject. Leaving p=none in production long term is a known deliverability risk.

Free Email Deliverability Check - SPF, DKIM and DMARC

Q: What SPF record do I need for Google Workspace?

For Google Workspace, your SPF record must include include:_spf.google.com. A standard record looks like: v=spf1 include:_spf.google.com ~all. If you also send through other providers, merge them all into a single SPF record. Two separate SPF TXT records will fail.

Q: What SPF record do I need for Microsoft 365?

For Microsoft 365, add include:spf.protection.outlook.com to your SPF record. It should look like: v=spf1 include:spf.protection.outlook.com ~all. Never publish a second SPF TXT record. Merge all includes into one.

Built for operators & agencies

Live DNS - no cached APIs

No login required

No data retention

Privacy first diagnostics

Prevents blacklisting - not causes it

Check if your domain passes SPF, DKIM and DMARC. See exactly what is failing and what it means for your inbox placement.

Free check No signup SPF DKIM DMARC

Seeing sudden drops in opens, clicks, or replies? That often means silent filtering. Run the scan above, then use FixKit for copy-paste DNS fixes. Not sure if you have a problem? Read why emails go to spam.

Why InboxGreen is more reliable than basic checkers

Capability	InboxGreen Checker	Basic Checkers
DNS reliability	✅ Multiple resolvers with retry and backoff to avoid false not found	❌ Single resolver so timeouts often return wrong results
SPF analysis	✅ Walks include chains, counts lookups, flags flattening needs	❌ Reads only the top record and ignores lookup limits
DKIM discovery	✅ Scans common and provider selectors and lists what is live	❌ Assumes a default selector or skips discovery
DMARC parsing	✅ Accurate tag parsing for p, adkim, aspf, rua, ruf, pct	❌ Partial parsing and frequent mislabels of policies
Actionability	✅ Registrar friendly examples and copy paste snippets	❌ Generic advice with no concrete steps
Privacy	✅ No public vendor lists and minimal transient processing	❌ May log or retain domains without clarity

What this checker catches

Four critical signals that determine whether your emails land in the inbox or get silently filtered.

High risk if missing

SPF - Sending Authorization

If your SPF record is missing or broken, Gmail and Outlook treat your emails as unauthorized. We check the full include chain and count DNS lookups so you never hit the 10-lookup limit that causes silent rejections. See what happens when SPF fails.

Required by Gmail

DKIM - Message Signing

DKIM is the cryptographic signature that proves your message was not tampered with. Without it, providers treat your mail as untrusted. We scan multiple selectors to find what is actually published for your domain.

Critical for protection

DMARC - Policy Enforcement

DMARC tells receivers what to do when SPF or DKIM fail. Staying on p=none forever leaves your domain open to spoofing. We flag alignment gaps and show you the exact step to move toward enforcement. Losing Gmail reputation? Start here.

Reduces spam complaints

List-Unsubscribe - Complaint Control

Gmail and Yahoo now require one-click unsubscribe for bulk senders. Missing this header drives up complaint rates, which tanks your sender reputation over time. We verify your setup and show the exact header code if it is missing. Dealing with high complaint rates? Read this.

How it works

Type your domain and hit Check now. No account needed, completely free.
We run live DNS lookups against your domain. No cached data, no stale results.
We flag every failure, warning, and misconfiguration with a plain-English explanation of what it means for your inbox placement.
You get a risk score (Critical / At Risk / Safe) so you know exactly how urgent the situation is.
If records are broken, you can unlock the FixKit for copy-paste DNS fixes tailored to your domain and provider.

What we analyze

Area	Checks	Why it matters
SPF	Record presence, policy, includes, DNS lookup count and duplicate or legacy entries	Prevents spoofing and avoids too many lookups rejections.
DKIM	Selector presence, key record formatting and multiple selectors	Authenticates message content and requires readable selectors.
DMARC	Policy p, alignment adkim and aspf, reporting rua and ruf and pct	Enforces policy with feedback loops to improve over time.
List Unsubscribe	Header formats, mailto or https patterns and one click readiness	Reduces complaints and improves deliverability and user trust.

Privacy

We run live lookups to generate this page and do not retain your domain or results longer than needed to serve your request. No marketing cookies are used on this page.

Frequently Asked Questions

Common questions from founders, marketers and developers checking their domain for the first time.

Why are my emails going to spam even though they worked before? expand_more

The most common cause is a DNS change that broke SPF or DKIM without anyone noticing. It happens when you add a new sending tool, switch providers, or update an unrelated DNS record. Run the check above to see exactly which record failed and what needs fixing. If the problem is ongoing, read our full guide on why emails go to spam.

What SPF record do I need for Google Workspace? expand_more

For Google Workspace, your SPF record must include include:_spf.google.com. A standard record looks like: v=spf1 include:_spf.google.com ~all. If you also send through SendGrid, Mailgun, or another platform, you need to merge them into a single SPF record. Two separate SPF TXT records = instant fail.

What SPF record do I need for Microsoft 365? expand_more

For Microsoft 365, add include:spf.protection.outlook.com to your SPF record. It should look like: v=spf1 include:spf.protection.outlook.com ~all. Never publish a second SPF TXT record. If you already have one, merge the includes into one record, otherwise the check will fail.

What does DMARC p=none mean - is it safe to leave it there? expand_more

p=none is monitoring mode. Receivers log failures and send you reports, but they still deliver the mail. It is fine to start there, but it gives you zero protection against spoofing. Once SPF and DKIM are passing reliably, move to p=quarantine or p=reject. Leaving p=none in production long term is a known deliverability risk, especially with bulk senders.

How do I check if my domain is on a blacklist? expand_more

Run a free check above. The scan includes a blacklist lookup across major blocklists including Spamhaus, Barracuda and SURBL. If you are listed, the results will show which list flagged you and what to do next. For a deeper guide, see our page on domain blacklisting recovery.

Does fixing SPF, DKIM and DMARC guarantee my emails will reach the inbox? expand_more

Authentication is the foundation, not the full answer. Clean records remove the most common technical reasons for spam placement. But inbox placement also depends on sender reputation, list hygiene, complaint rate, and content quality. Fix authentication first. Then monitor reputation signals with ongoing monitoring to catch issues before they cost you.

add_chart Get alerts and weekly reports