Email Sender Compliance Checker
Since 2024–2025, Google, Yahoo and Microsoft reject bulk email from domains that fail their authentication requirements. Enter your sending domain and see exactly where you stand against each provider's rules — with the precise DNS records to publish when something is missing.
What are the bulk-sender requirements?
Between February 2024 and May 2025, the three largest mailbox providers stopped treating email
authentication as optional. Google and Yahoo moved first (February 2024), requiring SPF, DKIM and DMARC
from anyone sending 5,000+ messages per day to their users — and by late 2025 Google escalated from
temporary delivery delays to permanent rejections. Microsoft followed in May 2025 for
Outlook, Hotmail and Live addresses, bouncing non-compliant bulk mail outright with the SMTP error
550 5.7.515.
What does this tool check?
Everything that is verifiable from public DNS, using the same live lookups receiving servers perform:
- SPF — a valid
v=spf1record, and whether itsallqualifier actually protects you. - DKIM — a published signing key under the selectors used by the major platforms (selectors cannot be enumerated, so a custom selector may exist that we cannot see — check the
s=tag in a real message header). - DMARC — a record at
_dmarc.yourdomain, its policy strength, and reporting configuration. - MX — working mail exchangers, the foundation receivers sanity-check.
The behavioral requirements — spam-complaint rate under 0.3%, one-click unsubscribe, reverse DNS on sending IPs — live in your sending platform and provider dashboards, not in DNS. We list them per provider so nothing gets missed, but no web tool can honestly tick them for you.
I failed a check — what now?
Each failing row above includes the exact record syntax to publish. The usual order: enable DKIM
signing in your email platform first (it requires publishing the key the platform generates), confirm
your SPF record lists every service that sends as your domain, then add DMARC starting at
p=none with reporting so you can see who is sending before you enforce. Our
DMARC guide walks through the full journey, and the
DMARC report dashboard turns the raw reports
into a "safe to enforce?" answer.
Frequently asked questions
Do these rules apply if I send fewer than 5,000 emails a day?
The hard rejections target bulk senders, but Google and Microsoft apply the same signals to everyone's spam filtering. A small sender without SPF or DKIM is not rejected at the door — it just quietly lands in spam. The same fixes apply.
Is 5,000/day measured per message or per recipient?
Per message to recipients at that provider, counted per sending domain per day — and once a domain is classified as a bulk sender, it generally keeps that status even if volume later drops.
Which matters more, SPF or DKIM?
Bulk senders need both under the Google/Yahoo rules, and DMARC needs at least one of them to pass in alignment with your From: domain. DKIM survives forwarding; SPF often does not — so DKIM alignment is what usually keeps DMARC passing in the real world.
My provider signs with a selector you did not find. Am I failing?
Not necessarily. DKIM selectors cannot be listed from DNS, so we probe the common ones. Send
yourself a message and read the DKIM-Signature header: the s= value is
your selector, and if the signature verifies, you pass — regardless of what any web checker shows.
How this tool works: This tool runs in your browser and on our server in real time. Depending on the tool, results are computed directly from the input you provide or retrieved from live, authoritative data sources at the moment you run a lookup. We do not sell your data, and your lookups are kept private — any history shown here is stored only on your device.