Email Checker – Test Email Deliverability, SPF, DKIM & DNS | Formtabulous

Free SPF, DKIM, DMARC, MX and DNS blacklist check. No signup needed.

Formtabulous Email Deliverability Checker illustration

Check your domain’s email health

SPF, DKIM, DMARC, MX, rDNS and basic blacklist scan.

Enter a valid domain or email.
Shown for transparency — edit if you know your actual sending IP.
Starting checks…
Improve deliverability with real-world sending, opens, bounces & analytics.
Try GroupPost Free

Disclaimer: This tool is designed to evaluate public DNS records and suggest possible improvements. It is not an official diagnostic or guarantee of email deliverability. Results may be cached for up to 24 hours for performance.

What this email checker tests — and why each check matters

Before an email reaches anyone's inbox, receiving mail servers run a series of silent authentication checks against your domain's DNS records. If any of those checks fail, your message lands in spam — or never arrives at all. This tool runs every critical check in seconds so you know exactly where you stand before you send.

SPF — Sender Policy Framework

SPF is a DNS TXT record that lists every server authorized to send email on behalf of your domain. When a message arrives, the receiving server checks whether the sending IP is on that list. A missing or misconfigured SPF record is one of the most common reasons legitimate email lands in spam — especially when sending through a third-party platform like GroupPost, Google Workspace, or Mailchimp. Pass means your sending infrastructure is authorized. Fail or SoftFail means receiving servers may reject or filter your mail.

DKIM — DomainKeys Identified Mail

DKIM adds a cryptographic signature to every outgoing message. The recipient's server verifies that signature against a public key published in your DNS — confirming the message actually came from your domain and wasn't altered in transit. Without DKIM, forwarded mail almost always fails authentication, and senders have no way to prove message integrity. Most sending platforms (including GroupPost) sign messages automatically, but the public key record still has to exist in your DNS.

DMARC — Domain-based Message Authentication, Reporting and Conformance

DMARC ties SPF and DKIM together and tells receiving servers what to do when a message fails both checks: none (monitor only), quarantine (send to spam), or reject (block entirely). It also requires alignment — the domain in your From: address must match the domain that passed SPF or DKIM. Google and Yahoo began requiring a published DMARC record for all bulk senders in February 2024. Without one, large-scale sends to Gmail and Yahoo addresses face higher rejection rates regardless of SPF and DKIM status.

MX records

MX (Mail Exchange) records tell other servers where to deliver inbound email for your domain. A missing or broken MX record means inbound mail bounces — and can also signal to spam filters that your domain isn't set up for legitimate two-way communication. This check confirms your MX records exist, resolve correctly, and point to reachable mail servers.

Reverse DNS (rDNS / PTR record)

Reverse DNS maps your sending IP address back to a hostname. Many receiving mail servers — particularly corporate mail gateways — reject or heavily filter messages from IPs with no PTR record. A correct rDNS entry is a basic signal of a legitimately configured mail server. This matters most when sending from your own mail server; cloud sending platforms like GroupPost handle this at the infrastructure level.

DNS blacklist (DNSBL) scan

Blacklists are real-time databases of IP addresses and domains known to send spam. Receiving servers query these lists before accepting mail — a single blacklist hit can cause deliverability to drop across all major providers simultaneously. Common blacklists include Spamhaus, SpamCop, and Barracuda. This checker scans your domain and detected sending IP against major blacklists so you know immediately if you're listed — and can request removal before your next send.

Frequently asked questions

Why are my emails going to spam even though SPF passes?

A passing SPF record is necessary but not sufficient. Receiving servers — especially Gmail and Yahoo — also check DKIM, DMARC alignment, sender reputation, bounce rates, and message content. The most common reasons email lands in spam despite valid SPF: missing or failing DKIM signature, no DMARC record published, sending IP or domain on a blacklist, high bounce rates from previous sends, or message content that triggers spam filters. Run this checker to identify which of these applies to your domain.

How do I check if my domain is on an email blacklist?

Enter your domain or email address above and run the check — the tool scans your domain and detected sending IP against major DNS blacklists including Spamhaus and Barracuda. If you're listed, the result will show which blacklist and link to the removal request process. Most legitimate senders who end up on a blacklist got there due to a compromised account, a spam complaint spike, or sending to a list with many invalid addresses. Clean your list, fix the underlying cause, and then request removal.

What is a DMARC record and do I need one?

A DMARC record is a DNS TXT record published at _dmarc.yourdomain.com that tells receiving mail servers how to handle messages that fail SPF and DKIM checks. Since February 2024, Google and Yahoo require a published DMARC record for any sender sending more than 5,000 messages per day to their users. Even below that threshold, a DMARC record at p=none gives you monitoring visibility into who is sending email from your domain — which is useful for catching unauthorized senders before they damage your reputation. Start with p=none, review the reports, and move to p=quarantine or p=reject once you've confirmed all your legitimate sending sources pass.

How often should I check my email domain health?

Run a check any time you: add a new email sending platform to your stack, change your DNS provider or hosting, notice a sudden drop in open rates or a spike in bounces, receive a spam complaint you didn't expect, or before a high-volume send to a list you haven't mailed in a while. DNS records can be accidentally overwritten during hosting migrations, and blacklist listings can appear without warning after a single spam complaint campaign. A 30-second check before a major send can prevent days of deliverability recovery work afterward.

What's the difference between SPF fail and SPF softfail?

An SPF fail (-all at the end of your SPF record) tells receiving servers to reject messages from unauthorized senders outright. An SPF softfail (~all) tells them to accept but mark the message as suspicious — it typically lands in spam rather than being rejected. Most senders should use ~all while setting up or troubleshooting, and move to -all only after confirming all authorized sending sources are included in the record. An overly strict -all with an incomplete list of authorized senders will cause your own legitimate email to be rejected.

Why does email sent through GroupPost need SPF and DKIM on my domain?

When you send through GroupPost, messages go out from Formtabulous sending infrastructure but display your domain in the From: address. For DMARC alignment to pass, your domain's SPF record needs to authorize GroupPost's sending servers, and your domain needs a DKIM record that matches the signature GroupPost adds to outgoing messages. Without these, your messages may pass SPF for the GroupPost domain but fail alignment for your domain — causing DMARC to fail and increasing spam placement, particularly at Yahoo and Gmail.

My SPF, DKIM, and DMARC all pass — why are emails still going to spam?

Authentication is the floor, not the ceiling. Even perfect authentication doesn't guarantee inbox placement if: your sending IP or domain has a poor reputation from prior spam complaints or high bounce rates; your list contains a high proportion of invalid or inactive addresses; your message content resembles marketing email without proper unsubscribe handling; or you're sending too many messages too quickly from a new domain or IP. Authentication tells receivers the mail is genuinely from you — your sender reputation tells them whether they should trust you.

Who should run this check

This tool is useful for anyone who sends email from a custom domain — not just developers or IT teams. Common situations where running this check prevents deliverability problems:

  • Before your first GroupPost send. Confirm your domain's SPF and DKIM are correctly configured so your first mailing reaches inboxes rather than spam folders.
  • After migrating to a new hosting provider. DNS migrations frequently overwrite or drop SPF, DKIM, and MX records. A post-migration check catches these before members stop receiving your emails.
  • When open rates suddenly drop. A blacklist listing or a broken DKIM record can cause open rates to fall overnight. This check identifies the cause in seconds.
  • When setting up a new sending domain. New domains have no sending history. Correct authentication from the first send builds reputation faster and avoids early-stage spam filtering.
  • For nonprofits, HOAs, and community organizations. Many community organizations send from a domain managed by a volunteer who set it up years ago and may not have current authentication records. A quick check before each mailing season catches stale or missing records.

Ready to send to your list?

Once your domain health check passes, GroupPost handles the sending — with per-recipient delivery reporting, bounce management, and unsubscribe handling built in.

Learn about GroupPost →