{{ summaryHeading }}
{{ scoreDisplay }}
{{ summaryLine }}
{{ statusLabel }} Blockers {{ statusCounts.Fail }} Warnings {{ statusCounts.Warn }} Pass {{ statusCounts.Pass }} {{ activeProfile.label }}
Auth DMARC Unsub {{ routeStageScoreLabel }}
Enter a bare domain. Use Check DNS to add live DNS evidence to the scorecard.
{{ dnsStatusLine }}
Choose the receiver family you are preparing for before reviewing volume, unsubscribe, and authentication gaps.
The 5,000+ level activates stricter Google and Outlook bulk sender review.
messages/day
Pick the stream represented by the pasted evidence.
Leave this equal to the sending domain unless your sample headers show a different From domain.
Keep the rate below 0.30%; the strict profile warns above 0.10%.
%
Use a preset to test pass, warning, and blocked states quickly.
Paste one message sample or checklist note set. Drop TXT/EML/headers files onto the textarea.
{{ sourceStatusLine }}
Use delivery logs, ESP docs, or rDNS checks for each outbound IP.
Paste TLS evidence in the notes when available.
Use production unsubscribe logs or ESP settings for this evidence.
Requirement Status Source Evidence Next action Copy
{{ row.requirement }} {{ row.status }} {{ row.source }} {{ row.evidence }} {{ row.action }}
Priority Fix area Action Verification Copy
{{ row.priority }} {{ row.area }} {{ row.action }} {{ row.verification }}
No blocker or warning rows. Keep monitoring spam rate, reports, and authentication drift.
Evidence type Observed Detail Copy
{{ row.type }} {{ row.observed }} {{ row.detail }} 
{{ launchReport }}
Tags: Email, Security
Email Header Analyzer Analyze raw email headers for relay delays, SPF, DKIM, DMARC alignment, ARC context, sender mismatch, and browser-side spoof-risk clues.
DKIM DNS Record Generator Build a DKIM TXT record from selector, domain, and public key input, with copy-ready DNS fields, split strings, key checks, and a route preview.
DMARC DNS Record Generator Build a DMARC DNS TXT record for a domain, stage policy rollout, normalize report URIs, and flag external-report authorization.
SPF Record Generator Generate an SPF TXT record from sender sources, provider includes, IP ranges, A/MX choices, and rollout checks for lookup budget and policy risk.
Customize
Advanced
:

Bulk sender readiness is a combination of domain authentication, message identity, recipient controls, and complaint discipline. Mailbox providers do not judge volume alone. They look for SPF, DKIM, DMARC, aligned identity, reverse DNS, encrypted transport, unsubscribe handling, and evidence that recipients are not marking the stream as unwanted.

Gmail, Yahoo, Outlook.com, and other consumer mailbox providers have made these controls operational requirements for higher-volume senders. A domain can have one authentication record present and still fail because alignment is wrong, a DKIM selector is missing, the visible From domain does not match the authenticated domain, or the unsubscribe path is not available in both headers and message body.

The practical review is evidence-based. DNS records show whether the domain can authenticate, raw headers show how a real message was evaluated, complaint rate shows recipient reaction, and unsubscribe behavior shows whether users can leave the list without reaching for the spam button.

Evidence area What it proves Typical gap
SPF, DKIM, DMARC The sending domain can be authenticated and policy-checked. Records exist but do not align with the visible From domain.
Headers A delivered sample passed or failed provider authentication checks. Test mail is inspected without Authentication-Results evidence.
Unsubscribe Recipients can opt out through header and body paths. Marketing mail has no one-click header or delayed unsubscribe handling.
Complaints Recipient feedback is below provider risk thresholds. Authentication is correct but spam complaint rate is too high.

How to Use This Tool:

  1. Enter the Sending domain and run the DNS lookup when network access is available.
  2. Choose a Mailbox profile such as Google and Yahoo, Gmail, Yahoo, Outlook.com, or Strict launch.
  3. Set Daily volume, Stream type, the visible From domain, and the current Spam complaint rate.
  4. Paste representative raw message headers, especially Authentication-Results, DKIM-Signature, List-Unsubscribe, and List-Unsubscribe-Post.
  5. Use Evidence preset for a known scenario, or switch to custom evidence for a real sending program.
  6. Review Requirements Scorecard, then use Remediation Queue, Authentication Evidence, Requirement Coverage Map, Launch Report, and JSON for follow-up work.

Use a recently delivered sample from the same stream you plan to send. A transactional receipt, marketing campaign, and forwarding list can have different authentication and unsubscribe evidence.

Interpreting Results:

Requirements Scorecard groups evidence rows into pass, warning, and fail states. Launch blocked means one or more required controls are missing or failing for the selected mailbox profile. Evidence gaps means the configuration may be acceptable, but the provided data is not enough to prove it. Ready to monitor means the core checks passed and ongoing complaint monitoring remains important.

  • Bulk volume scope decides whether a provider's higher-volume requirements apply to the current daily volume.
  • DMARC alignment checks whether SPF or DKIM aligns with the visible From domain.
  • One-click unsubscribe looks for the RFC 8058 header pattern used by major mailbox providers.
  • Remediation Queue orders fixes so blocking authentication and compliance gaps are handled before lower-risk warnings.

A pass result does not mean future inbox placement is guaranteed. Complaint rate, list acquisition quality, content, engagement, bounce handling, and sender reputation still determine how mailbox providers treat campaigns over time.

Technical Details:

The checker combines declared sender settings, DNS evidence, and parsed message headers. DNS evidence looks for SPF TXT records, DMARC policy at the organizational or exact domain location, MX presence, and optional DKIM selector records. Header evidence is parsed for authentication results, signing domains, visible From domain, list identifiers, TLS traces, and unsubscribe fields.

Each requirement is assigned a status and weight. Passing controls contribute full credit, warning controls contribute partial credit, and failing controls contribute none. Blocking rows are still more important than the percentage score because a single hard authentication or unsubscribe failure can make a sender noncompliant for a selected mailbox profile.

Requirement Primary evidence What to fix first
SPF authentication DNS TXT record and Authentication-Results pass. Authorize the sending platform and remove conflicting SPF records.
DKIM authentication DKIM-Signature header, selector DNS, and provider pass result. Publish the correct selector and sign mail from the sending stream.
DMARC policy and alignment DMARC TXT record plus aligned SPF or DKIM domain. Align the visible From domain with authenticated SPF or DKIM identity.
Unsubscribe requirements List-Unsubscribe, List-Unsubscribe-Post, body unsubscribe, and SLA. Add one-click headers and make opt-out handling prompt and clear.
Complaint discipline Reported spam complaint percentage. Suppress unengaged addresses and improve consent and segmentation.

The selected profile changes thresholds and required rows. For example, the combined Google and Yahoo profile treats 5,000 daily messages as the higher-volume threshold, expects SPF or DKIM alignment through DMARC, and checks for one-click plus body unsubscribe evidence on marketing streams.

Accuracy Notes:

DNS and header checks are point-in-time evidence. Resolver cache, subdomain delegation, message routing, third-party signing, forwarding, and provider-specific enforcement can change what a mailbox provider observes.

  • Use headers from a real delivered message to the target provider, not only the sending platform preview.
  • Check each sending stream separately when marketing, transactional, and forwarding mail use different infrastructure.
  • Monitor complaint rate continuously; a low historical average can hide a recent bad campaign.
  • Confirm unsubscribe handling with operational logs, not only the presence of headers.

Worked Examples:

A marketing sender at 6,500 messages per day with SPF, DKIM, aligned DMARC, one-click unsubscribe, and a 0.08% complaint rate should show the core requirements as clear for the combined Google and Yahoo profile.

A sender with SPF pass but missing DKIM will usually receive a blocking authentication row for profiles that require both DKIM and DMARC alignment evidence. The remediation queue should prioritize DKIM signing and selector DNS before content changes.

A sender with correct authentication but a 0.35% complaint rate can still be blocked or warned because mailbox providers treat complaint rate as a direct quality signal. List hygiene and consent fixes matter even when DNS is correct.

FAQ:

Does a DMARC record alone satisfy authentication requirements?

No. DMARC depends on SPF or DKIM passing and aligning with the visible From domain. A record with no aligned pass still leaves a compliance gap.

Why does the visible From domain matter?

Recipients see the From domain, and DMARC alignment is based on that identity. Authentication on an unrelated bounce or vendor domain may not satisfy alignment.

Is one-click unsubscribe required for transactional mail?

The strictest unsubscribe checks usually apply to promotional or marketing streams. Transactional streams should still keep identity, authentication, and complaint evidence clean.

Can forwarding break authentication?

Forwarding can break SPF and sometimes alter headers or body content. ARC and clean DKIM signing can help preserve authentication evidence through intermediaries.

Glossary:

SPF
Sender Policy Framework, a DNS-based way to authorize mail servers for a domain.
DKIM
DomainKeys Identified Mail, a cryptographic signature that lets receivers verify signed message content and domain identity.
DMARC
A policy layer that checks whether SPF or DKIM aligns with the visible From domain.
Alignment
The relationship between authenticated domains and the visible From domain.
One-click unsubscribe
A header-based unsubscribe mechanism that lets mailbox providers submit opt-out requests without extra user steps.

References: