Email Deliverability Check
Analyse your domain’s email authentication, routing, and reputation in one scan.
No MX records found. Email delivery is likely broken.
MX records define where email for your domain is delivered. Without them, no mail can be received. Multiple MX records with different priorities provide automatic failover. An RFC 7505 Null MX (priority 0, host “.”) is detected and shown here — it explicitly declares the domain does not accept email.
No SPF record found. Add a TXT record starting with "v=spf1".
SPF lists which IP addresses are authorised to send email as your domain. A hard fail (-all) is strongest — receivers reject anything not on the list outright.
No DKIM records found after checking 199 common selectors. DKIM signing may not be configured or uses a non-standard selector.
DKIM adds a cryptographic signature to every outgoing message. Receiving servers use your public key (published in DNS) to verify the message hasn't been altered in transit.
No DMARC record at _dmarc.iisc.co.in..
DMARC ties SPF and DKIM together with an enforcement policy. p=reject is the gold standard — it instructs receivers to block unauthenticated mail entirely and protects your domain from spoofing.
No DMARC record — aggregate reports cannot be received.
DMARC can send you daily XML reports (rua=) about which servers are sending mail as your domain and whether they pass authentication. Forensic reports (ruf=) include individual failure samples. Without these you are flying blind.
No MTA-STS DNS record found. MTA-STS forces TLS for inbound mail.
MTA-STS forces other mail servers to use TLS encryption when delivering to you, blocking downgrade attacks that would expose messages in transit. It works together with TLSRPT for visibility.
No TLS Reporting (TLSRPT) record. Optional but recommended alongside MTA-STS.
When TLS negotiation fails during inbound delivery, TLSRPT sends you a structured JSON report. This lets you detect misconfigured sending servers or active downgrade attacks targeting your MTA-STS policy.
No BIMI record. BIMI enables brand logo display in supporting email clients.
BIMI lets you display your verified brand logo in supporting inboxes (Gmail, Apple Mail, Yahoo). It requires DMARC with quarantine or reject, and an SVG logo hosted at a published URL.
No MX hosts to check PTR for.
Checks that each MX server IP has a PTR record and that the PTR hostname forward-resolves back to the same IP (FCrDNS). Most spam filters require FCrDNS to pass — a missing or non-confirming PTR raises the spam score of your outbound mail.
No MX host to check.
Checks whether your MX server IPs (IPv4 and IPv6) appear on major spam blocklists (Spamhaus, SpamCop, Barracuda, SORBS, and others). A single listing can cause severe delivery failures at major providers.
| Mechanism | Meaning |
|---|---|
all | Catch-all (always matches) |
a | Domain's A/AAAA records |
mx | Domain's MX hosts |
ip4 | IPv4 address / range |
ip6 | IPv6 address / range |
include | Include another domain's SPF |
exists | Custom A-record lookup |
ptr | PTR record check (deprecated) |
| Prefix | Result |
|---|---|
+ | Pass (default) |
- | Fail |
~ | SoftFail |
? | Neutral |
| Tag | Purpose |
|---|---|
redirect | Use another domain's full SPF policy |
exp | Explanation string on failure |
| Tag | Purpose / Values |
|---|---|
v | Version — must be DMARC1 |
p | Policy: none · quarantine · reject |
sp | Sub-domain policy (defaults to p) |
adkim | DKIM alignment: r relaxed · s strict |
aspf | SPF alignment: r relaxed · s strict |
pct | % of mail policy applies to (0–100) |
| Tag | Purpose |
|---|---|
rua | Aggregate report URI (mailto:) |
ruf | Forensic report URI (mailto:) |
fo | Failure options: 0 both fail · 1 either fails · d DKIM · s SPF |
rf | Report format: afrf (default) |
ri | Reporting interval in seconds (default 86400) |
| Tag | Purpose |
|---|---|
v | Version — must be 1 |
a | Algorithm: rsa-sha256 · ed25519-sha256 |
d | Signing domain |
s | Selector (DNS lookup: s._domainkey.d) |
h | Signed headers list |
b | Signature value (base64) |
bh | Body hash |
c | Canonicalization: simple · relaxed |
t | Signature timestamp |
x | Signature expiry timestamp |
l | Body length limit |
| Tag | Purpose |
|---|---|
v | Version — DKIM1 |
k | Key type: rsa · ed25519 |
p | Public key (base64); empty = revoked |
t | Flags: y test mode · s strict |
h | Acceptable hash algorithms |
s | Service type: email · * |
n | Human-readable notes |