🚀 SecureCheap is live — Start free →
Email Deliverability
Overview

Email Deliverability Auditor

Land in inboxes. Not in spam folders.

What it does

The Email Deliverability Auditor runs a complete check against your sending domain to make sure your messages reach the inbox.

We validate three core records:

RecordPurposeWhat we check
SPFAuthorize which mail servers can sendSyntax, lookup count (10 max), all mechanism
DKIMCryptographic signatureKey existence, length (1024+ recommended), selector validity
DMARCPolicy + reportingPolicy strength (none/quarantine/reject), rua/ruf reporting addresses

Deliverability score

Each audit produces a 0–100 score with three thresholds:

  • 80–100: Healthy. You are landing in inboxes.
  • 50–79: At risk. One critical record is misconfigured.
  • 0–49: Failing. Mail is likely flagged as spam.

How to use it

  1. Go to Infrastructure → Email Deliverability in your dashboard
  2. Enter the domain you send mail from
  3. Wait ~5 seconds for the audit to complete
  4. Review the score, individual records, and recommendations
  5. Optional: enable scheduled re-audit (weekly / monthly)

The audit is read-only — we only query public DNS. We never touch your mail server.

Common findings

"SPF: too many DNS lookups"

SPF allows a maximum of 10 nested DNS lookups. If you include too many include: directives (e.g., Microsoft 365 + SendGrid + Mailchimp), you exceed this limit and SPF silently fails. Fix: flatten with a tool like spf-flatten.

"DKIM: no key found at selector"

Your sender is signing with a selector (e.g., s1._domainkey.example.com) that does not resolve. Either the DNS record is missing, or the selector name was changed in your mail provider.

"DMARC: policy is none"

A p=none policy means receivers see your reports but take no action on failures. For active protection, progress to p=quarantine then p=reject.

API

POST /api/v1/email-deliverability/audits
Content-Type: application/json
Authorization: Bearer <token>
 
{ "domain": "example.com" }