Email Deliverability Auditor
Land in inboxes. Not in spam folders.
What it does
The Email Deliverability Auditor runs a complete check against your sending domain to make sure your messages reach the inbox.
We validate three core records:
| Record | Purpose | What we check |
|---|---|---|
| SPF | Authorize which mail servers can send | Syntax, lookup count (10 max), all mechanism |
| DKIM | Cryptographic signature | Key existence, length (1024+ recommended), selector validity |
| DMARC | Policy + reporting | Policy strength (none/quarantine/reject), rua/ruf reporting addresses |
Deliverability score
Each audit produces a 0–100 score with three thresholds:
- 80–100: Healthy. You are landing in inboxes.
- 50–79: At risk. One critical record is misconfigured.
- 0–49: Failing. Mail is likely flagged as spam.
How to use it
- Go to Infrastructure → Email Deliverability in your dashboard
- Enter the domain you send mail from
- Wait ~5 seconds for the audit to complete
- Review the score, individual records, and recommendations
- Optional: enable scheduled re-audit (weekly / monthly)
The audit is read-only — we only query public DNS. We never touch your mail server.
Common findings
"SPF: too many DNS lookups"
SPF allows a maximum of 10 nested DNS lookups. If you include too many include: directives (e.g., Microsoft 365 + SendGrid + Mailchimp), you exceed this limit and SPF silently fails. Fix: flatten with a tool like spf-flatten.
"DKIM: no key found at selector"
Your sender is signing with a selector (e.g., s1._domainkey.example.com) that does not resolve. Either the DNS record is missing, or the selector name was changed in your mail provider.
"DMARC: policy is none"
A p=none policy means receivers see your reports but take no action on failures. For active protection, progress to p=quarantine then p=reject.
API
POST /api/v1/email-deliverability/audits
Content-Type: application/json
Authorization: Bearer <token>
{ "domain": "example.com" }