InboxShieldMini
Live DNS scanner for SPF, DKIM, DMARC, BIMI, and MTA-STS

Stop losing revenue to broken email setup

Scan your domain for the sender authentication issues that hurt onboarding emails, invoices, password resets, and follow-up. Start with a free diagnosis, then unlock the exact DNS repair plan when you are ready to fix it.

Built for SaaS founders, agencies, consultants, ecommerce operators, and lean teams sending from a custom domain.

30 sec

typical scan

$11.99

one-time report

0

accounts needed

Free domain scan

Check the sender setup before you touch DNS

Sender trust path

Where DNS decides inbox trust

Live DNS
1

Send

Message starts

2

Auth

Records prove sender

3

Score

Inbox checks trust

4

Land

Inbox, spam, or reject

SPF authorizes
DKIM signs
DMARC enforces

The scan is free. The paid report unlocks the exact repair plan after the diagnosis.

Checks the sender stack small teams already use

Gmail
Outlook
SendGrid
Mailgun
Mailchimp
HubSpot
Constant Contact
Campaign Monitor
ActiveCampaign
ConvertKit
Klaviyo
Amazon SES
Postmark
Cloudflare
GoDaddy
Namecheap
GetResponse
AWeber
Salesforce
Gmail
Outlook
SendGrid
Mailgun
Mailchimp
HubSpot
Constant Contact
Campaign Monitor
ActiveCampaign
ConvertKit
Klaviyo
Amazon SES
Postmark
Cloudflare
GoDaddy
Namecheap
GetResponse
AWeber
Salesforce

Revenue-critical email

The messages that cannot afford weak sender trust

Inbox placement problems do not only hurt campaigns. They hit the operational emails that keep acquisition, access, billing, and retention moving.

Trial activation

Welcome flows, product nudges, and magic links have to land before a new user sees value.

Account access

Password resets and login links turn into support tickets when authentication fails silently.

Revenue operations

Invoices, receipts, and renewal reminders need sender trust before timing and copy matter.

Sales follow-up

Outbound replies suffer when the domain itself starts from a trust deficit.

What gets fixed

A clear path from risky sender records to a cleaner setup

The scan identifies the broken trust signals. The paid report turns those signals into a short repair queue your team can act on without decoding DNS forums.

Sender trust path

Where DNS decides inbox trust

Live DNS
1

Send

Message starts

2

Auth

Records prove sender

3

Score

Inbox checks trust

4

Land

Inbox, spam, or reject

SPF authorizes
DKIM signs
DMARC enforces

Repair brief

The report turns vague DNS warnings into a fix queue

Before

SPF is too loose, DKIM selector is missing, DMARC is only partially visible.

After

Active senders are authorized, DKIM is published, DMARC reports are routed.

1Confirm every platform sending from the domain
2Publish only records that match the active sender stack
3Verify propagation and rescan after DNS settles

What the paid report feels like

A repair brief, not another wall of DNS jargon

InboxShield checks the records, prioritizes the risk, and gives your team the smallest practical next step for each issue.

Complete SPF, DKIM, DMARC, BIMI, and MTA-STS analysis
Exact TXT values when the fix can be generated safely
Provider-specific guidance for Google Workspace, Microsoft 365, SendGrid, Mailchimp, HubSpot, and major DNS hosts
A verification checklist for DNS propagation and follow-up scans
A polished PDF report your founder, ops lead, contractor, or IT partner can use
Plain-English business impact for each issue found

Report preview

example.com sender audit

Score

53

SPF

warn

Soft fail policy

Tighten the root TXT record after confirming active senders.

DKIM

fail

No usable selector

Generate keys in the sending platform and publish the provider record.

DMARC

warn

Monitoring gap

Add reporting and move toward enforcement when legitimate mail passes.

Generated fix excerpt

v=spf1 include:_spf.google.com include:sendgrid.net -all

The full report explains where to add it, what to replace, and how to verify it.

Cost of bad deliverability

Put a number on missed inbox placement

Use the estimator to size the possible business impact, then scan the domain to see the records behind the risk.

Think onboarding emails, password resets, invoices, renewal notices, and sales follow-ups.

Use blended value: recovered invoice, activated trial, saved support ticket, or closed follow-up.

Estimated upside

Recovered inbox deliveries / month

510

Potential value recovered / month

$12,240

Potential value recovered / year

$146,880

This is an estimator, not a promise. It exists to help you quantify how much revenue, activation, or retention can leak when domain authentication is weak.

Run a free scan
Open the full calculator page-An estimate for prioritization, not a deliverability guarantee.

From scan to fix plan

Three steps from uncertainty to a usable sender setup repair.

01

Scan live DNS

InboxShield queries the DNS records inbox providers can see right now.

02

Read the diagnosis

The preview separates pass, warning, and fail states with practical context.

03

Unlock the repair plan

The paid report turns the diagnosis into records, provider steps, and verification.

Simple pricing

Pay once when you need the repair plan

The scan is free. The paid report is for the moment you want the exact next steps and a shareable PDF.

Full fix report

$11.99

One-time payment. Instant access.

Complete SPF, DKIM, DMARC, BIMI, and MTA-STS analysis
Exact TXT values when the fix can be generated safely
Provider-specific guidance for Google Workspace, Microsoft 365, SendGrid, Mailchimp, HubSpot, and major DNS hosts
A verification checklist for DNS propagation and follow-up scans
Run the free scan first

Secure checkout via Stripe. No subscription.

Extra resource

Get the 2026 inbox checklist

A short guide to the sender requirements and DNS checks worth reviewing before another campaign, onboarding flow, or billing run.