The measured data for protocol coverage shows that for SPF, the coverage is 78% with a correct setup of 92% when not using +all. For DKIM, the coverage is 62% and the correct setup is 55% with a key size of 2048 bits or greater. In terms of DMARC, the coverage is 34% and the correct setup is 12% when using p=reject. Full tables are provided below on this page.
Free online tool — email check checker: instant results, no signup.
Analysis via Enterno.io Email Checker for Q1 2026: 50,000 domains (.ru, .рф + RU-hosted). Checked: SPF syntax, DKIM selectors + key size, DMARC policy and tag coverage, blacklist listing (Spamhaus/Barracuda/SORBS), open-relay on 25/587.
| Protocol | Coverage | Correct setup |
|---|---|---|
| SPF | 78% | 92% without +all |
| DKIM | 62% | 55% with key ≥ 2048 bit |
| DMARC | 34% | 12% on p=reject |
DMARC remains the most underused — without it SPF+DKIM do not fully protect from spoofing. And p=none is "reports only", not protection.
From a significant number of domains, a portion is listed in Spamhaus SBL/XBL, a smaller percentage in Barracuda BRBL, and an even smaller fraction in SORBS. The most common reason for these listings is compromised hosting accounts, followed by legitimate marketing emails from domains lacking proper SPF configuration.
Check a domain against blacklists online — /en/email-check.
~all (not +all).Email deliverability in Runet 2026 is largely governed by the implementation of SPF, DKIM, and DMARC protocols, which collectively enhance the credibility of email senders and improve inbox placement rates. Properly configured, these standards can significantly improve deliverability rates, with SPF coverage at 78% and DKIM at 62%. For effective management, ensure SPF records are under 10 DNS lookups, DKIM keys are at least 2048 bits, and DMARC policies are set to 'reject' after a monitoring phase, noting that only a small percentage of DMARC implementations currently achieve this level of enforcement.
Email deliverability hinges on three critical standards: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance). These protocols work in tandem to authenticate the sender's identity and prevent email spoofing, which enhances trust with receiving mail servers.
SPF is a DNS record that specifies which mail servers are permitted to send email on behalf of your domain. To implement SPF, you need to create a TXT record in your DNS settings. Here’s an example:
v=spf1 include:_spf.google.com ~allThis SPF record allows Google Workspace servers to send emails for your domain, while the '~all' at the end indicates a soft fail for any other servers. It’s crucial to keep the number of DNS lookups under 10 to avoid exceeding the limit set by the SPF specification.
DKIM adds a digital signature to your emails, allowing the recipient's server to verify that the email was indeed sent by you and hasn’t been altered in transit. To set up DKIM, generate a public/private key pair and publish the public key as a TXT record in your DNS. A typical DKIM record looks like this:
default._domainkey.yourdomain.com IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB..."Ensure your private key is securely stored on your email server. A minimum key length of 2048 bits is recommended to maximize security.
DMARC builds on SPF and DKIM by allowing domain owners to specify what actions should be taken when an email fails SPF or DKIM checks. A DMARC record can be created as follows:
v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-failures@yourdomain.com; pct=100In this example, the policy is set to 'reject', meaning that emails failing authentication checks will be rejected. The 'rua' and 'ruf' tags indicate where aggregate and forensic reports should be sent, providing valuable insights into your email traffic.
To ensure optimal email deliverability, follow these steps:
For example, to check your SPF configuration, use the following command:
dig TXT yourdomain.comThis command retrieves the TXT records for your domain, allowing you to verify your SPF record.
By implementing and maintaining SPF, DKIM, and DMARC records, you can significantly enhance your email deliverability rates, ensuring that your messages reach their intended recipients in Runet 2026 and beyond.
Proper SPF, DKIM, and DMARC configuration directly impacts email deliverability. Without these records, your emails land in spam or are rejected before delivery.
SPF record correctness: syntax, allowed server list, fail mechanism.
Presence and validity of DKIM signature for the specified selector.
DMARC record parsing: policy, rua/ruf reports, SPF and DKIM alignment.
Numerical delivery readiness score with improvement recommendations.
mailing list verification
registration validation
CRM contact check
mail delivery troubleshooting
?all means "neutral" — that's not protection. Use -all.p=none only collects reports. Move to p=quarantine or p=reject.rua=mailto:dmarc@yourdomain.com — receive weekly aggregate reports.Email check history and API keys for service integration.
Sign up freeQ1 2026. Updated quarterly.
Yes, with attribution to Enterno.io.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.