New: SEO & AEO scanning — see how Google ranks you and how ChatGPT, Claude & Perplexity cite youSee how it works
SPF, DKIM, DMARC, MX, MTA-STS, and BIMI checked continuously — with a managed DMARC report inbox.
Overview
Email infrastructure fails silently: nothing bounces, your password resets and receipts just start landing in spam. Since the 2024 Google/Yahoo sender requirements, SPF, DKIM, and DMARC are the price of inbox admission. This monitor checks your full sending posture on every scan and parses your DMARC aggregate reports so you can actually see who is sending as your domain.
What this scanner does
Validates SPF presence, strictness, and the recursive 10-DNS-lookup limit; discovers DKIM selectors; grades DMARC policy strength (none/quarantine/reject) and reporting setup; checks MX posture including RFC 7505 null-MX; verifies MTA-STS and TLS-RPT for encrypted transport; and assesses BIMI readiness including the DMARC enforcement it requires. A managed DMARC report inbox receives and parses aggregate XML reports into a who-is-sending-as-you view.
Why it matters
A second SPF record or one integration past the 10-lookup limit silently voids your SPF on every email. A DMARC policy of none with unread reports means spoofers impersonate your domain freely and you never find out. These failures cost real revenue — onboarding emails in spam — weeks before anyone connects the symptom to the cause.
Common findings
Get a full security report with AI-powered fix suggestions in 30 seconds. No setup required.
Related checks
Infrastructure Check
Verify DNS configuration, SPF, DKIM, DMARC records, and domain security.
Monitoring & Intel
Domain expiry, transfer locks, nameserver drift, DNSSEC, CAA, and certificate runway — watched daily, alerted on change.
Monitoring & Intel
External uptime checks every 60 seconds with incident tracking, down/recovery alerts, and a public status page.
