First of all, you want to get a full message header. Here are the instructions for Gmail and Outlook.
Once you have the header open, locate the
Authentication-Results section as defined by RFC 8601. It should look similar to this:
Authentication-Results: mx.example.com; dkim=pass [email protected] header.s=example header.b=AbCdEfGh; arc=pass (i=2 spf=pass spfdomain=example.com dkim=pass dkdomain=example.com dmarc=pass fromdomain=example.com); spf=pass (example.com: domain of [email protected] designates 22.214.171.124 as permitted sender) [email protected]; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com
Make sure you don’t see any results like
permerror and so on. If any of the SPF, DKIM or DMARC checks don’t pass, you need to fix it.
And, if you want to learn more about it, a good place to start is wiki.