Email authentication estimate

Email Deliverability Doctor

Check the public DNS and optional sender-IP signals that commonly affect email authentication: MX, SPF, DMARC, DKIM selector records, MTA-STS, TLS-RPT, PTR, and selected blacklist context.

This tool does not send test email, log into mailboxes, inspect content, or promise inbox placement. It shows what is visible and what to fix next.

Check email domain Open Public Exposure Report

Result first Safe Copy after scan Advanced details below

Safe Copy avoids raw email diagnostics. It keeps the domain-level result and fixes while masking IP values, removing raw DNS payloads, and confirming email local-parts are not copied. See what the receipt removes.

Before interpreting resultsEmail report limits

Authentication first, claims second.

SPF, DKIM, DMARC, MX, PTR, MTA-STS, and TLS-RPT are checked as public signals. Real pass/fail still depends on actual messages and receivers.

No inbox placement guarantee.

The result is an Email Exposure Estimate, not a deliverability score, spam score, reputation guarantee, or provider compliance certification.

Diagnosis first

Email Exposure Estimate

Safe report available after scan.

Preparing your report...

Use Safe Copy from this result before sharing. The copied report keeps authentication findings and next steps without exposing raw sender-IP context or private email local-parts.

Copy safely Safe Copy

Top issues

What needs attention

Maximum five issues are shown here.

Next steps

Recommended Fixes

Prioritized for DNS and mail-provider work.

Technical details

Checks

Collapsed by default.

Share safely

Copy Actions

Use Safe Copy before sharing results.

Safe Copy keeps the domain-level result, removes raw sensitive fields, masks IP values, and confirms that email local-parts are not stored or copied.

Limits

What this tool does not do

Clear limits keep the result useful.

No test email

The scanner does not send mail, open relays, log into accounts, or inspect message bodies.

No DMARC alignment claim

Alignment can only be judged from real message headers and Authentication-Results.

No DKIM missing claim without selector

DKIM selectors are provider-specific, so the scan checks only selectors you provide.

No universal reputation guarantee

Selected blacklist signals are limited and cannot replace provider postmaster tools.

Monitoring beta (optional)

Email authentication change review is available for beta review

Monitoring will compare MX, SPF, DKIM selector checks, DMARC policy, MTA-STS, TLS-RPT, PTR/FCrDNS, and selected blacklist signals. Beta review is optional; public signup, dashboards, billing, and automatic alerts are not live.

DMARC policy weakened
SPF invalid or risky
MX/PTR provider changes
Blacklist signal appeared or resolved

Review monitoring beta Run full report

Focused tools

Use these when one signal needs deeper detail.

Email Domain Checklist

Email authentication review without inbox-placement claims

Use the free email scan to review public authentication signals. Beta monitoring can compare approved mail-domain changes, but it does not send email or promise placement.

SPF/DMARC changedReview SPF syntax, DMARC policy, alignment context, and reporting tags.

MX/PTR provider changedCompare mail exchanger, PTR/rDNS, and sender-IP context where provided.

DKIM selector reviewCheck selectors you provide; the tool does not guess every private selector.

Blacklist appearedSelected list changes can be reviewed, but this is not a full reputation certification.

Run free email scan Review monitoring beta

One-time scans are free. Monitoring beta is optional, requires approved public targets, and does not mean public signup, automatic alerts, billing, or dashboards are live. See How We Make Money and the Affiliate Disclosure.

B2B diagnostic report model

Email domain diagnostics

Email checks connect MX, SPF, DMARC, optional DKIM selector records, PTR/rDNS, sender-IP context, blacklist context, and email-header evidence.

SummaryStart with a plain-language status for the public target.

Top issuesPrioritize the few findings that need attention first.

What passedShow expected public signals without turning them into a certification.

What needs reviewSeparate limited, unavailable, and review-worthy signals.

Why it mattersExplain the business, delivery, crawl, or implementation impact.

Recommended fixesPoint to the DNS, hosting, email, CMS, or SEO owner who can act.

What this tool cannot checkThis does not send mail, inspect private mailboxes, guarantee inbox placement, or certify sender reputation everywhere.

Client-safe copyClient-safe copy should keep authentication findings and fixes while removing email local-parts, raw TXT payloads, raw sender IP details, and private mailbox context.

Monitoring beta (optional)Optional monitoring beta can compare MX, SPF, DKIM selector checks, DMARC policy, PTR/rDNS, and selected blacklist signals for approved domains.

Client-safe report

Share findings without leaking raw technical material

Use Safe Copy or this page's summary when sending results to a client, vendor, developer, or support team. Raw headers, credentials, tokens, cookies, private addresses, email local-parts, and oversized payloads should stay out of client-facing copy.

Review Safe Copy Review monitoring beta

Check my email domain

What this checks

Public mail-domain records and pasted email-header signals such as MX, SPF, DMARC, DKIM selector context, and sender-route clues.

Limits

What this cannot check

It cannot guarantee inbox placement, inspect private mailboxes, or certify sender reputation everywhere.

Read results

How to use the output

Treat results as review signals for this browser/session or public target. Re-test after one change, then use Safe Copy or notes that avoid raw identifiers.