🔍 Free • No signup required
Decode Your Email
Infrastructure
Visualize dependencies. Understand failures. Fix faster.
WHAT failed →
WHY it failed
10K+
Domains Scanned
17
Security Checks
~6s
Average Scan
Loading...
Scan Results For
Analysis
Dependency Chains
Understanding how your email security components depend on each other
Detailed Results
Security Checks
MX Records ℹ️Mail Exchange (MX) Records
MX records tell other mail servers where to deliver email for your domain. They point to your mail server hostnames and include priority values (lower = higher priority). Without valid MX records, you cannot receive email.
SPF Record ℹ️Sender Policy Framework (SPF)
SPF records list which mail servers are authorized to send email on behalf of your domain. This prevents spammers from forging your domain in the "From" address.
DKIM Record ℹ️DomainKeys Identified Mail (DKIM)
DKIM adds a digital signature to your emails using cryptographic keys. Receiving servers verify this signature to ensure the email wasn't tampered with in transit.
DMARC Policy ℹ️Domain-based Message Authentication (DMARC)
DMARC builds on SPF and DKIM by telling receiving servers what to do if authentication fails (reject, quarantine, or nothing). It also provides reporting.
BIMI Record ℹ️Brand Indicators for Message Identification (BIMI)
BIMI allows your brand logo to appear next to your emails in supported email clients. Requires DMARC enforcement and optionally a Verified Mark Certificate (VMC).
CAA Records ℹ️Certification Authority Authorization (CAA)
CAA records specify which certificate authorities (CAs) are allowed to issue SSL/TLS certificates for your domain. This prevents unauthorized CAs from issuing fraudulent certificates.
DNSSEC ℹ️DNS Security Extensions (DNSSEC)
DNSSEC adds cryptographic signatures to DNS records, preventing DNS spoofing and cache poisoning attacks.
RBL Status ℹ️Real-time Blackhole Lists (RBL)
RBLs are databases of IP addresses known for sending spam. We check your mail server IPs against 8 major blacklists. Being listed severely impacts email deliverability.
TLS Support ℹ️Transport Layer Security (TLS)
TLS encrypts email in transit between mail servers using STARTTLS. We verify your mail servers support TLS, check the version and cipher suite, and validate the SSL certificate.
MTA-STS ℹ️MTA Strict Transport Security
MTA-STS enforces TLS encryption for email delivery. It prevents downgrade attacks where hackers try to strip encryption. This is the "HTTPS for email" standard.
TLS-RPT ℹ️TLS Reporting (TLS-RPT)
TLS-RPT provides reports about TLS connection failures. When other mail servers have problems connecting securely to your servers, they send you reports.
PTR Records ℹ️Pointer (PTR) Records
PTR records provide reverse DNS lookup — mapping IP addresses back to hostnames. Many mail servers require valid PTR records that match your mail server hostname.
DANE/TLSA ℹ️DNS-Based Authentication of Named Entities (DANE)
DANE uses TLSA records to pin your mail server's certificate to DNS, preventing certificate forgery even if a Certificate Authority is compromised. Requires DNSSEC.
DMARC Alignment ℹ️DMARC Identifier Alignment
DMARC requires SPF and DKIM to "align" with your From: domain. Strict alignment requires exact domain matching, while relaxed allows subdomains.
ARC Support ℹ️Authenticated Received Chain (ARC)
ARC preserves email authentication results across intermediaries (mailing lists, forwarding). It helps prevent legitimate forwarded emails from failing DMARC checks.
VMC (BIMI) ℹ️Verified Mark Certificate
VMC is required by Gmail and Yahoo to display your BIMI logo. It's a special certificate that proves trademark ownership.
SPF Lookup Tree ℹ️SPF DNS Lookup Visualizer
SPF has a 10-lookup limit. Each "include:" counts as a lookup, and nested includes add up quickly. This visualizes your SPF dependency tree.
Share this scan