The table below shows the commands used in Windows Command Line and Mac OS Terminal to query for the SPF, DKIM and DMARC records for a particular domain.
Follow the instructions below and substitute the words selector and domain with the corresponding DKIM selector and domain you would like to look up.
Record | Windows Command Line | Mac OS Terminal
-------|----------------------------|-----------------------------------
SPF |nslookup -type=txt domain |dig txt domain
-------|----------------------------|-----------------------------------
DKIM |>nslookup |dig txt selector._domainkey.domain
|>set q=txt |
|>selector._domainkey.domain |
-------|----------------------------|-----------------------------------
DMARC |nslookup -type=txt |dig txt _dmarc.domain
| _dmarc.domain |
-------|----------------------------|-----------------------------------
Check your DMARC, DKIM & SPF
While querying can give some information on SPF, DKIM and DMARC you can check your own configuration in detail with OnDMARC's free tool Investigate.
Example 1. Querying the SPF record for google.com using nslookup.
nslookup -type=txt google.com
Example 2. Querying the DKIM key for ondmarc.com using dig. You will have to know the DKIM selector - "google" in our case - being used in order to query for the DKIM key.
dig txt google._domainkey.ondmarc.com
Example 3. Querying the DMARC record for google.com using nslookup.
nslookup - type=txt _dmarc.google.com
Analyze a domain’s security in 1 click
OnDMARC’s Analyzer tool will reveal the status of SPF, DKIM and DMARC for any domain in 1 click. A handy feature to investigate how secure your supply chain is and if they’re vulnerable to email impersonation.
Try it out for free by starting a 14-day free trial with OnDMARC today.