Email Health Checker

Check DNS health of your email domain to ensure high email deliverability

#

Blacklists

Test against DNS based blacklists

Details
#

DMARC

Email authentication protocol check

Details
#

SPF

Check if domain is from your IP addr

Details
#

MX

DNS record for receiving emails

Details

Blacklists Test

StatusZone

DMARC DNS Record Test

StatusTest

SPF DNS Record Test

StatusTest

MX DNS Record Test

HostnamePriority

Not all email addresses are equal: some are healthier than others. When an email address becomes unhealthy, it may end up on an email blacklist, which can render it useless.

There are many factors that influence the health of an email address, including spam trap hits, unengaged recipients, spam complaints, unsubscribes, and hard bounces, just to name a few. In general, unhealthy email addresses send low-quality emails that their recipients don’t look forward to, while healthy email addresses do the opposite.

The problem is that you may seemingly do everything right and still end up on an email blacklist (more about email blacklists and how to remove an IP address or domain name from them at the end of this article). Why? The answer often boils down to misconfigured DNS records. More specifically, SPS, DMARC, and MX DNS records.

What Is SPF DNS Record and How to Set It Up?

A Sender Policy Framework (SPF) record is an authentication method for email messages whose purpose is to prevent the forgery of sender addresses during the delivery of the email, a practice known as email spoofing.

Forged email addresses are often used by cybercriminals in phishing and email spam. In such attacks, cybercriminals replace sender information in the email header to pretend they are someone else in order to increase the likelihood of their emails being opened.

Despite being very easy to execute, email spoofing can be extremely effective. In fact, phishing, which relies heavily on email spoofing, now accounts for 90% of data breaches, and it’s estimated that 15% of people successfully phished will be targeted at least one more time within the year.

An SPF record prevents spammers from sending messages with forged “From” addresses by allowing the receiving email server to check during email delivery that an email claiming to come from a specific domain is really submitted by an IP address authorized by that domain's administrators.

This record can be found in a domain's DNS zone file, listing the email servers that can send email from the domain. A single SPF record can list multiple email servers.

To set up an SPF DNS record:

  1. Decide which email servers you want to authorize to send emails from the domain.
  2. Once you have a list of server IP addresses, it’s time to create the actual SPF DNS record.
    • SPF record rules can be fairly complex, but they all start with v=spf1 and typically end with-all.
    • For example: v=spf1 ip4:114.233.31.227 -all.
    • The -all at the end simply means that all servers that aren’t listed in the SPF record are not authorized to send email from the domain.
  3. Save the new record and give it some time to propagate.

You can find more information about SPF record rules and their syntax on this page.

What Is DMARC DNS Record and How to Set It Up?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is designed to give email domain owners the ability to protect their domain from email spoofing by authenticating incoming email messages based on the rules published by the domain owner within the DNS entry.

It addresses the many problems with older email authentication technologies, such as SPF, by allowing senders and receivers to share information with each other to specify which authentication mechanism should be deployed and how to deal with failures.

DMARC was created in 2012 by PayPal, and its usage has since then increased sharply. The largest contributors to the DMARC specification include Google, Microsoft, Yahoo, Yandex, AOL, Comcast, Facebook, LinkedIn, Twitter, Fidelity Investments, Symantec, Netcraft, and many others.

To set up a DMARC DNS record:

  1. Log into your domain registrar and add a new TXT DNS record.
  2. Enter the desired DMARC DNS record.
    • All DMARC DNS records start with v=DMARC1, but they can include many other tags
    • For example: "v=DMARC1;p=reject;pct=100;rua=mailto:test@domain.com"
    • See the table below for a detailed explanation of DMARC tags.
  3. Save the new record and give it some time to propagate.
Tag NamePurposeSample
vProtocol versionv=DMARC1
pctPercentage of messages subjected to filteringpct=20
rufReporting URI for forensic reportsruf=mailto:authfail@domain.com
ruaReporting URI of aggregate reportsrua=mailto:aggrep@domain.com
pPolicy for organizational domainp=quarantine
spPolicy for subdomains of the ODsp=reject
adkimAlignment mode for DKIMadkim=s
aspfAlignment mode for SPFaspf=r

For more information about DMARC DNS records, read the official DMARC Technical Specification.

What Is MX DNS Record and How to Set It Up?

An MX (Mail Exchange) DNS record specifies an email server to handle a domain’s email messages. As its name suggests, an MX DNS record is a type of resource record in DNS, along with Start of Authority (SOA), IP addresses (A and AAAA), name servers (NS), pointers for reverse DNS lookups (PTR), and domain name aliases (CNAME).

For backup purposes, it’s possible to specify more than one email server to accept incoming email messages for a domain by creating multiple MX records and assigning each of them a certain priority (with 0 being the highest priority).

To set up an MX DNS record:

  1. Edit DNS records for your domain.
  2. Create a new MX record.
    • For example: 0 mail.example.com
    • The initial number is the record’s priority, and “mail.example.com” is the email server that is supposed to accept incoming email messages.
    • Two MX records can have the same priority. In that case, one server will be selected at random.
  3. Save the new record and give it some time to propagate.

You can check MX DNS records using an online MX lookup tool, such as MXToolBox. Simply enter the domain name you want to check and compare the results with your MX DNS records.

What Is Email Blacklist and How to Remove IP/Domain from It?

As we stated at the beginning of this article, misconfigured DNS records can contribute to an IP address or domain becoming blacklisted, which means that it appears on one or more email blacklists.

An email blacklist is a list of IP addresses and domains known to send spam email messages. Such lists are commonly used by organizations, email providers, and ISPs to filter out malicious and unwanted emails before they have a chance to reach the inbox.

Without properly configured DNS records, a domain name can be spoofed by cybercriminals conducting phishing attacks and end up blacklisted without its rightful owner doing anything wrong. It’s possible to check whether an IP address is blacklisted or not using an email health checker.

To remove a blacklisted IP address or a domain name from an email blacklist, it’s important to first solve the reason for blacklisting, which often means fixing DNS records. Then, familiarize yourself with the removal process of the email blacklist operator and send the operator a removal request.

After the removal, it’s highly advisable to conduct a comprehensive overview of email activity and policies to prevent a similar incident from ever happening again in the future.