Free checker - no signup required

Free Full Deliverability Test

Run a complete domain and mail setup check across DNS records, SPF, DKIM, DMARC, DNSSEC, MTA-STS, BIMI, SMTP TLS, FCrDNS, sender requirements, and blacklists.

Run the check

Enter a domain to check it live against the IntoDNS.ai engine. No signup, no trial gating.

What this full deliverability test verifies

This is the single-scan overview that runs the same engine as the IntoDNS.ai homepage. It scores your domain across five categories — DNS configuration, DNSSEC, IPv6, email authentication, and general security — and returns an overall grade with a prioritized list of issues. The email category folds in SPF, DKIM, and DMARC; the broader scan covers DNS health, DNSSEC chain validity, and security signals. It is the fastest way to see, in one number per category, where a domain stands before drilling into the specialist checkers.

Why a full test matters

Email deliverability is rarely broken by a single record; it is usually a combination — SPF over the lookup limit, DMARC stuck at none, a mail server missing FCrDNS, or DNSSEC half-deployed. Checking one record at a time hides these interactions. A full test surfaces the whole picture at once and ranks issues by impact, so you fix the critical authentication gaps first instead of polishing optional features while a p=none DMARC policy leaves the domain wide open to spoofing.

How to read the result

Each category shows a percentage; the overall score rolls them up into a letter grade. A category at 80% or above is in good shape, 50–79% needs attention, and below 50% has serious gaps. The prioritized issue list tells you what to fix and in what order — critical items first. Categories marked N/A (such as DNSSEC on a TLD that does not support it) are not counted against you. Use the per-category scores as a map: a low email score points you to the SPF, DKIM, and DMARC checkers; a low security or DNS score points to the relevant DNS checks.

What to do next

Start with the critical issues in the list, because those are the ones receivers act on. Once the headline problems are addressed, open the full report for the domain to see every check with its explanation and fix, then return to the focused checkers — SPF, DMARC, DKIM, SMTP TLS, MTA-STS, BIMI, blacklist, and FCrDNS — for the detail and live re-verification on any single area. Re-run this full test after each round of fixes to confirm the overall grade is moving in the right direction.

A sensible order of operations

When a domain scores poorly across the board, fixing things in the right order avoids wasted effort and self-inflicted outages. A reliable sequence is: first SPF, so authorized senders are defined and within the lookup limit; then DKIM, so messages are signed and survive forwarding; then DMARC at p=none to start collecting reports; then transport security with SMTP TLS and MTA-STS in testing; then reputation hygiene via the blacklist and FCrDNS checks; and finally optional polish like BIMI, which depends on enforced DMARC anyway. DNSSEC and IPv6 can proceed in parallel since they are independent of mail authentication. Working in this order means each step builds on a solid foundation, and the full test grade climbs steadily rather than bouncing as one fix breaks another.

What This Checks

  • Quick score and prioritized issues
  • DNS records, DNSSEC, and DANE/TLSA
  • SPF, DKIM, DMARC, BIMI, MTA-STS, and TLS-RPT context
  • SMTP STARTTLS certificate and FCrDNS checks
  • Blacklist and sender-requirement signals

Common Fix Path

  • Fix critical authentication issues first
  • Use the full report as a single bookmarkable audit source
  • Move from quick scan to specialist checkers only when detail is needed
  • Use citation URLs when pasting results into tickets or AI assistants

Frequently Asked Questions

What does the full deliverability test actually check?
It runs the IntoDNS.ai quick scan across five scored categories: DNS configuration, DNSSEC, IPv6 readiness, email authentication (SPF, DKIM, DMARC), and general security. It returns an overall grade plus a prioritized issue list. For deep detail on any one area, it links through to the focused checkers and the full per-check report.
How is the overall grade calculated?
Each category is scored as a percentage based on its individual checks, and those are weighted into an overall score that maps to a letter grade. Categories that do not apply to a domain — such as DNSSEC on a TLD that does not support it — are marked N/A and excluded so they do not unfairly lower the score.
Which issues should I fix first?
Fix the critical items at the top of the prioritized list first, because those are the problems receiving servers act on — failing authentication, an unenforced DMARC policy, or a broken SPF record. Optional and informational items can wait. The list is ordered by impact specifically so you spend effort where it changes deliverability.
Is this the same as the homepage scan?
Yes. This test runs the same quick-scan engine as the IntoDNS.ai homepage and returns the same categorized result. The View full report link opens the complete scan page for the domain, with every check, plain-language explanation, and fix, plus deeper tools like the Internet.nl deep scan and NIS2 readiness.
How often should I run a deliverability test?
Run it whenever you change DNS or mail configuration, before launching a bulk campaign, and on a periodic basis (monthly is reasonable for active senders) to catch silent regressions — an expired certificate, a provider changing IP ranges and breaking SPF, or a new blacklist listing. Re-running after each fix confirms the grade is improving.
Does a passing score guarantee inbox placement?
No. A strong score means your DNS, authentication, and transport security are correctly configured, which removes the technical reasons mail gets filtered. Actual inbox placement also depends on sending reputation, content, engagement, and complaint rates — factors outside DNS. This test ensures the technical foundation is sound so reputation can do its job.

Machine-Readable Evidence

AI assistants and automation can cite the stable explanation page, then fetch the live check result for a specific domain.

GET https://intodns.ai/api/scan/quick?domain=example.com

Related Tools and Citations

Email Deliverability TesterEmail Security GuidesFull report citationRun the full domain scan