Check what inbox providers can verify about your domain

Run a free DNS audit for SPF, DKIM, and DMARC. No account, no DNS access, and no claim that DNS alone guarantees inbox placement.

Checks public DNS only · Usually 20–30 seconds

Built for SaaS teams, agencies, and small businesses auditing domains they own or are authorized to manage.

Authentication readiness audit

Waiting for a domain

PUBLIC DNS
SPFAuthorized sender policy
DMARCPolicy and reporting
DKIMCommon selector discovery
DNS-only result — sending reputation, message content, and real inbox placement are not tested.

A report that tells you when not to change DNS

InboxShield separates safe, deterministic fixes from records that must be generated by your email provider. That distinction prevents a quick fix from becoming an outage.

1

Inventory senders

Confirm every service sending as your domain before changing SPF.

2

Generate provider keys

DKIM values come from your email provider. InboxShield never invents them.

3

Change, wait, rescan

Apply one staged change, allow DNS to propagate, then verify it.

Prioritized action list

The paid plan labels what is safe, conditional, or provider-owned.

1SPFVerify firstInventory every sender before changing authorization.
2DMARCSafe to publishStart with a monitoring-only record when DMARC is missing.
3DKIMProvider-generatedGenerate the key inside the sending platform.

Pay once for the implementation plan

Run the free audit first. Buy only when the result shows a configuration you need to act on.

Safe Fix Plan

$19

one-time · no subscription

  • Prioritized SPF, DKIM, and DMARC actions
  • Provider-specific setup paths
  • Copy-ready values only when deterministic
  • Verification checklist and downloadable PDF

What this audit can — and cannot — tell you

It checks

Public DNS records, SPF syntax and lookup count, DMARC policy and reporting, common DKIM selectors, and optional BIMI and MTA-STS signals.

It does not test

Message content, sending IP reputation, complaint rate, blocklists, list quality, alignment of a specific sent message, or real inbox placement.

Sender requirements change. Source references: Google, Yahoo, and Microsoft.

Frequently asked questions

Can DNS changes break email?+

Yes. Replacing SPF without inventorying every sender, publishing the wrong DKIM key, or enforcing DMARC too early can block legitimate mail. That is why the report separates deterministic changes from values that require provider confirmation.

Why can’t every DKIM key be detected?+

DKIM selectors are chosen by the sending provider and cannot be enumerated from DNS. The free audit checks common selectors. If none are found, the result is “verify,” not proof that DKIM is missing.

Does a perfect score guarantee inbox placement?+

No. DNS authentication is one part of delivery. Message content, IP and domain reputation, complaint rate, list quality, blocklists, and recipient engagement also matter and are outside this audit.