The Only Email Scanner That Shows You WHY
See dependency chains, not just pass/fail. Understand complex email security in seconds.
10,000+
Domains Scanned
Fortune 500
Trusted By
⚡
~6 Seconds
Instant Analysis
🔍
17 Checks
Comprehensive
🔗
Dependency Chains
Visual Insights
💡
Educational
Learn As You Scan
🆓
Free Forever
No Signup Required
Other scanners show you
WHAT failed
We show you WHY it failed and HOW everything connects
Scan Results For:
Dependency Chains
Understanding how your email security components depend on each other
MX Records
ℹ️
Mail Exchange (MX) Records
MX records tell other mail servers where to deliver email for your domain. They point to your mail server hostnames and include priority values (lower = higher priority). Without valid MX records, you cannot receive email.
SPF Record
ℹ️
Sender Policy Framework (SPF)
SPF records list which mail servers are authorized to send email on behalf of your domain. This prevents spammers from forging your domain in the "From" address. Receiving servers check SPF to verify sender authenticity.
DKIM Record
ℹ️
DomainKeys Identified Mail (DKIM)
DKIM adds a digital signature to your emails using cryptographic keys. Receiving servers verify this signature to ensure the email wasn't tampered with in transit and actually came from your domain. Requires a selector (we check "default").
DMARC Policy
ℹ️
Domain-based Message Authentication (DMARC)
DMARC builds on SPF and DKIM by telling receiving servers what to do if authentication fails (reject, quarantine, or nothing). It also provides reporting so you can monitor who's sending email using your domain.
BIMI Record
ℹ️
Brand Indicators for Message Identification (BIMI)
BIMI allows your brand logo to appear next to your emails in supported email clients. Requires DMARC enforcement and optionally a Verified Mark Certificate (VMC) for trademark verification. Optional but enhances brand recognition.
CAA Records
ℹ️
Certification Authority Authorization (CAA)
CAA records specify which certificate authorities (CAs) are allowed to issue SSL/TLS certificates for your domain. This prevents unauthorized CAs from issuing fraudulent certificates for your domain.
DNSSEC
ℹ️
DNS Security Extensions (DNSSEC)
DNSSEC adds cryptographic signatures to DNS records, preventing DNS spoofing and cache poisoning attacks. It ensures that DNS responses haven't been tampered with and actually come from your authoritative nameservers.
RBL Status
ℹ️
Real-time Blackhole Lists (RBL)
RBLs are databases of IP addresses known for sending spam. We check your mail server IPs against 8 major blacklists. Being listed severely impacts email deliverability as many servers will reject your mail. Each listing includes a delist URL.
TLS Support
ℹ️
Transport Layer Security (TLS)
TLS encrypts email in transit between mail servers using STARTTLS. We verify your mail servers support TLS, check the TLS version and cipher suite, and validate the SSL certificate. Essential for protecting email content from eavesdropping.
MTA-STS
ℹ️
MTA Strict Transport Security
MTA-STS enforces TLS encryption for email delivery. It prevents downgrade attacks where hackers try to strip encryption. When enabled, sending servers must use TLS or delivery fails. This is the "HTTPS for email" standard.
TLS-RPT
ℹ️
TLS Reporting (TLS-RPT)
TLS-RPT provides reports about TLS connection failures. When other mail servers have problems connecting securely to your servers, they send you reports. This helps you identify and fix TLS issues before they impact deliverability.
PTR Records
ℹ️
Pointer (PTR) Records
PTR records provide reverse DNS lookup - mapping IP addresses back to hostnames. Many mail servers require valid PTR records that match your mail server hostname. Missing or mismatched PTR records can cause delivery issues.
DANE/TLSA
ℹ️
DNS-Based Authentication of Named Entities (DANE)
DANE uses TLSA records to pin your mail server's certificate to DNS, preventing certificate forgery even if a Certificate Authority is compromised. Requires DNSSEC. This is the ultimate protection against man-in-the-middle attacks.
ARC Support
ℹ️
Authenticated Received Chain (ARC)
ARC preserves email authentication results through forwarding and mailing lists. Without ARC, forwarded emails often break SPF/DKIM and land in spam. ARC-aware mail servers "seal" the original authentication so the final recipient can verify it.
DMARC Alignment
ℹ️
DMARC Identifier Alignment
DMARC requires SPF and DKIM to "align" with your From: domain. Strict alignment (aspf=s, adkim=s) requires exact domain matching, while relaxed allows subdomains. Strict is more secure but can break email from subdomains.
VMC (BIMI)
ℹ️
Verified Mark Certificate
VMC is required by Gmail and Yahoo to display your BIMI logo. It's a special certificate (~$1,500/year) that proves trademark ownership. Without VMC, your BIMI logo won't display in major email clients.
SPF Lookup Tree
ℹ️
SPF DNS Lookup Visualizer
SPF has a 10-lookup limit. Each "include:" counts as a lookup, and nested includes add up quickly. This visualizes your SPF dependency tree and shows if you've exceeded the limit, which breaks SPF validation.
Share this scan:
Found Issues? We Can Help.
RacterMX provides privacy-focused email forwarding with custom domains, helping you maintain perfect email infrastructure while protecting your privacy.
🛡️
Zero-Access Encryption
Your emails, your keys. We can't read them even if we wanted to.
⏱️
Time-Locked Aliases
Disposable email addresses that self-destruct on your schedule.
🎯
Custom Domains
Use your own domain with perfect SPF, DKIM, and DMARC setup.