Email tool
Email Authentication Coverage Score
Score a domain's SPF, DKIM, and DMARC coverage with honest, transparent methodology.
Scores published SPF, DMARC policy, and common DKIM selectors over DNS.
Frequently asked questions
How is the Auth Coverage Score calculated?
The score is based on three layers: SPF presence (up to 30 points), DMARC presence and enforcement policy (up to 40 points — p=reject scores highest, p=none scores lowest), and DKIM detection across 11 common selectors (up to 30 points). The maximum score is 100. This tool does not query Talos, Spamhaus, Sender Score, or any commercial blocklist — those require separate tools and are outside the scope of DNS-based auth coverage.
What score should a regulated business aim for?
Organizations in legal, healthcare, and financial services should aim for a grade of A (90+). This requires SPF with a strict ~all or -all mechanism, DMARC with p=reject or p=quarantine, and DKIM signing on all outbound mail. p=none DMARC is a monitoring-only posture and should be treated as a transitional step, not a final configuration.
Want this handled for you?
Elevate manages IT & security for regulated Los Angeles firms.
Related email tools
Phishing & Email Header Analyzer
Paste raw email headers to analyze authentication results (SPF/DKIM/DMARC) and spot phishing indicators.
DMARC / DKIM / SPF Checker
Check a domain's email authentication records across common DKIM selectors.
Email Header Analyzer
Decode raw email headers to trace the delivery path and authentication results.
Email Deliverability Troubleshooter
Diagnose common reasons your email lands in spam.