Email Security Analysis of gmail.com

Complete verification of gmail.com's SPF, DKIM, and DMARC records. Find out if this domain is protected against email spoofing.

Last updated: April 2, 2026

40D

This domain is vulnerable to spoofing

SPF

Warning

v=spf1 redirect=_spf.google.comRead the guide

DKIM

Missing

No record found

Read the guide

DMARC

Warning

v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-reports@google.com

Read the guide

MX

gmail-smtp-in.l.google.com, alt1.gmail-smtp-in.l.google.com, alt2.gmail-smtp-in.l.google.com, alt3.gmail-smtp-in.l.google.com, alt4.gmail-smtp-in.l.google.com

Recommendations

1Change your DMARC policy from p=none to p=reject to block spoofing
2Harden your SPF by replacing ~all with -all (hardfail)
3Enable DKIM in your email provider and add the public key to your DNS zone

Need help securing your domain?

If you're not sure how to apply these fixes, get in touch and we'll help you out.

Run a live analysis

The results above are updated daily. For an instant check of gmail.com, run a live analysis.

Analyze gmail.com live

Guides to understand these results

SPF Guide

Understand how SPF defines which servers are authorized to send emails for a domain.

DKIM Guide

Discover how DKIM cryptographically signs your emails to guarantee their authenticity.

DMARC Guide

Learn how DMARC orchestrates SPF and DKIM to protect your domain.

SPF vs DKIM vs DMARC

Compare the three protocols and understand how they work together.