Free Tool

Domain Scanner

Most brands fix one authentication problem at a time — and miss the five others. Enter your domain for a full email security audit: SPF, DKIM, DMARC, BIMI, MTA-STS, TLS-RPT, and MX records graded simultaneously in under 15 seconds.

Why Fixing One Record Isn't Enough

SPF

Lists authorized sending servers. Prevents spoofing from unauthorized IPs.

DKIM

Adds a cryptographic signature to outgoing emails, proving they haven't been tampered with in transit.

DMARC

Tells receiving servers what to do with emails that fail SPF/DKIM. Enables reporting and enforcement.

BIMI

Displays your brand logo next to emails in supported inboxes. Requires a valid DMARC policy.

MTA-STS

Enforces TLS encryption for incoming mail, preventing downgrade attacks and eavesdropping.

TLS-RPT

Provides reporting on TLS connection failures, helping you identify encryption issues.

MX Records

Specifies which mail servers handle incoming email for your domain.

A Records

Maps your domain to an IP address. Essential for web and mail server resolution.

NS Records

Identifies your authoritative name servers, the foundation of your DNS infrastructure.

Related Free Tools

SPF Checker → DKIM Checker → DMARC Checker → BIMI Checker → MTA-STS Checker → TLS-RPT Checker → DNS Lookup → Deliverability Check →

Learn More

↗

Email Domain Reputation: How It's Scored

How domain reputation signals map to the scan results this tool uncovers.

↗

SPF, DKIM, and DMARC Explained

Foundational reading for interpreting the 7-protocol scan output.

Why We Built This Tool

Most brands fix one authentication problem at a time and miss the five others. A domain might pass SPF but fail DMARC alignment, or have BIMI but no MTA-STS. This scanner checks all seven authentication protocols simultaneously — grading your overall security posture.

What Goes Wrong Without This

Individual protocol checks are incomplete. You could fix SPF, DKIM, and DMARC but still fail Gmail and Yahoo's 2024 bulk sender requirements, which now mandate DMARC enforcement AND one-click unsubscribe headers. A complete audit catches all gaps at once.

Who This Tool Is For

E-commerce & DTC Brands

Teams managing sending from multiple ESPs and subdomains who need visibility into which authentication protocols are live and which are missing.

Email Marketing Agencies

Agencies auditing client email security posture and needing to identify which domains require immediate fixes before campaigns launch.

B2B SaaS & Outbound Teams

DevOps and security teams responsible for email infrastructure who need to track authentication coverage and compliance with Gmail/Yahoo 2024 bulk sender requirements.

Frequently Asked Questions

What does the security score mean?

The score is based on completeness and correctness of your email authentication records: SPF, DKIM, DMARC, BIMI, MTA-STS, and TLS-RPT. A score of 90+ means strong protection. Below 60 means significant vulnerabilities.

Can I improve my score without changing all my records?

Yes. Even partial authentication is better than none. Start by enabling SPF and DKIM, then add DMARC enforcement, then layer in BIMI and advanced protocols. The scanner shows what you have and what gaps remain.

Why scan multiple times?

Email configuration changes regularly. New ESPs are added, keys rotate, and DNS records expire. Re-scanning monthly catches configuration drift before it impacts deliverability.

Do I need an InboxEagle account to use this tool?

No. This tool is completely free and requires no account or sign-up. InboxEagle provides it as a standalone resource for email marketers, developers, and agencies.

Your Security Score Will Change. You Need to Know When.

InboxEagle re-scans your domain daily — tracking changes across all authentication records and alerting you the moment a new vulnerability appears. Used by email agencies managing 50+ client domains.

Start Free 14-Day Trial

No credit card required · Cancel anytime