Skip to main content
Read Authentication-Results — Decode SPF, DKIM, and DMARC verdicts instantly. Check Headers →

What is “Authentication-Results” and how to read it?

Authentication-Results is a header added by receiving servers documenting the results of email authentication checks. It's the definitive record of whether your authentication passed.

Example:

Authentication-Results: mx.google.com; dkim=pass header.i=@example.com header.s=selector1; spf=pass (google.com: domain of bounce@mail.example.com designates 192.0.2.1 as permitted sender) smtp.mailfrom=bounce@mail.example.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com

  • Breaking it down:
  • mx.google.com: The server that performed the checks
  • dkim=pass: DKIM verification succeeded. header.i shows the signing identity; header.s shows the selector
  • spf=pass: SPF check passed. smtp.mailfrom shows the envelope sender domain checked
  • dmarc=pass: DMARC alignment and policy check passed. p= shows the domain's policy; dis= shows what action was taken
  • Common results: pass, fail, softfail, neutral, none, temperror, permerror
  • When troubleshooting, this header tells you exactly what succeeded or failed and often explains why.
Need personalized help?

Decode your Authentication-Results header like a pro. Open an AI assistant with your question pre-loaded — just add your details and send.

ChatGPT Claude Gemini Perplexity

Last updated: