Is Your Domain Ready to Send Email?

    Check your SPF, DKIM, and DMARC records in 10 seconds. Find out if your emails are landing in spam — and how to fix it.

    What this audit checks

    The audit performs five DNS-level checks against your domain in real time. Each one corresponds to a signal that mailbox providers (Gmail, Outlook, Yahoo, Apple) use to decide whether your mail belongs in the inbox, the promotions tab, the spam folder, or rejected outright.

    SPF

    Confirms which servers are allowed to send mail as your domain. Missing or misconfigured SPF is the single most common reason legitimate email gets flagged as spoofing.

    DKIM

    Verifies a cryptographic signature on every message. Without DKIM, receivers can't prove the mail wasn't altered in transit, and Gmail/Yahoo bulk-sender rules require it.

    DMARC

    Tells receivers what to do when SPF or DKIM fail and gives you reports on who's sending mail using your domain. As of 2024, Gmail and Yahoo require DMARC for any sender hitting more than 5,000 daily messages.

    MX records

    Confirms your domain can receive replies, bounces, and DMARC aggregate reports. A missing MX is a strong negative signal — receivers treat it as suspicious.

    Blacklist & reputation signals

    Cross-references your sending domain and IPs against the major real-time blackhole lists (Spamhaus, SORBS, Barracuda) and checks the basic shape of your reverse DNS. Even one blacklist hit on a high-traffic RBL can crater your inbox placement at every major provider for the duration of the listing.

    Common failure modes

    The failures we see most often aren't exotic — they're the same handful repeating across thousands of domains. The top five: an SPF record with more than 10 DNS lookups (silent failure, hard to diagnose), a DKIM selector that points at a key that was rotated and never republished, a DMARC policy stuck on p=none with no reporting address (not technically broken, but useless), an MX record that resolves to a host that no longer accepts mail, and a sending IP that landed on Spamhaus CSS because a single compromised customer in a shared pool started blasting spam.

    How to fix the most common issues

    Most of these are fixable in a single DNS change — the hard part is knowing which change. Quick playbook:

    • SPF "too many lookups." Flatten with an SPF macro tool or move secondary senders behind a subdomain. Keep your primary SPF under 10 includes.
    • DKIM not signing. Re-publish the public-key TXT record for your selector. Test with dig TXT selector._domainkey.yourdomain.com.
    • DMARC at p=none. Add an rua= reporting address, watch reports for two weeks, then move to p=quarantine, then p=reject.
    • Missing MX. Even if you only send and never receive, point MX at a reply-handling host so bounces and DMARC aggregate reports get processed.
    • Blacklisted IP. Identify the cause first (one bad campaign, a compromised account, a hijacked subdomain) before requesting delisting. Listings without root-cause fixes return within days.

    What Is Email Authentication?

    IGSendMail configures all three automatically when you verify your sending domain. Most users are fully authenticated in under 10 minutes.

    Stop Guessing About Deliverability

    IGSendMail provides 99% inbox delivery with automatic authentication, dedicated IPs, bounce management, and real-time reputation monitoring.