Bulk Email Deliverability Checker - SPF, DKIM, DMARC, MX avatar

Bulk Email Deliverability Checker - SPF, DKIM, DMARC, MX

Pricing

Pay per usage

Go to Apify Store
Bulk Email Deliverability Checker - SPF, DKIM, DMARC, MX

Bulk Email Deliverability Checker - SPF, DKIM, DMARC, MX

Audit thousands of domains for email authentication, DNS issues, and deliverability risk. Checks SPF, DKIM, DMARC, MX, DNSSEC, MTA-STS, TLS-RPT, BIMI. No login, no proxy, no API keys needed.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

Jayesh Choolun

Jayesh Choolun

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

a day ago

Last modified

Share

Bulk Email Deliverability Checker — SPF, DKIM, DMARC, MX

Audit thousands of domains for email authentication, DNS security, and deliverability risk. Check SPF, DKIM, DMARC, MX records, DNSSEC, MTA-STS, TLS-RPT, and BIMI in bulk. No proxy, no login, no API keys required — pure DNS queries.

Why email deliverability matters

Email authentication failures cost businesses real money. Domains without SPF, DKIM, and DMARC are vulnerable to spoofing, phishing, and spam filtering. Cold emails from unauthenticated domains land in spam. Google and Yahoo now require DMARC for bulk senders (2024 enforcement). This actor lets you audit any domain portfolio in seconds.

What it checks

CheckDescription
MX recordsMail exchange records + email provider detection (Google Workspace, Microsoft 365, Zoho, SendGrid, Mailgun, ProtonMail, and 15+ others)
SPFSender Policy Framework validation — single record check, all mechanism, DNS lookup count (RFC 7208 limit), +all danger detection
DKIMDomainKeys Identified Mail public key probing across 14+ common selectors (google, default, selector1, selector2, k1, sendgrid, mailgun, etc.)
DMARCDomain-based Message Authentication parsing — policy (none/quarantine/reject), subdomain policy, percentage, rua/ruf report destinations
DNSSECDNS Security Extensions — zone signing check via DO-flag UDP query (fast, no DNSKEY round-trip)
MTA-STSSMTP MTA Strict Transport Security — TXT record + HTTPS policy file validation
TLS-RPTTLS Reporting — failure report destination at _smtp._tls
BIMIBrand Indicators for Message Identification — logo authentication record
Security headersOptional: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy

Output

Each domain produces a dataset item with:

  • domain — the domain name
  • score — 0-100 deliverability score
  • grade — letter grade (A through F)
  • emailProvider — detected email provider (Google Workspace, Microsoft 365, Zoho, etc.)
  • spfValid — boolean
  • dmarcPolicy — none / quarantine / reject
  • dkimPresent — boolean
  • dkimSelectorsFound — list of selectors with public keys
  • dnssecEnabled — boolean
  • mtaStsPresent — boolean
  • tlsRptPresent — boolean
  • bimiPresent — boolean
  • criticalIssues — list of critical problems
  • warnings — list of non-critical issues
  • recommendations — actionable fix suggestions
  • issuesCount — total issue count
  • Full nested details under mx, spf, dmarc, dkim, dnssec, mtaSts, tlsRpt, bimi

A SUMMARY key-value store entry contains aggregate stats: total domains, average score, grade distribution, throughput.

Example output

{
"domain": "cloudflare.com",
"score": 92,
"grade": "A",
"emailProvider": "Other / Unknown",
"spfValid": true,
"dmarcPolicy": "reject",
"dkimPresent": true,
"dkimSelectorsFound": ["k1", "mandrill", "s1"],
"dnssecEnabled": true,
"mtaStsPresent": false,
"tlsRptPresent": false,
"bimiPresent": true,
"criticalIssues": [],
"warnings": ["MTA-STS not configured."],
"recommendations": ["Configure MTA-STS to enforce TLS for inbound SMTP."],
"issuesCount": 1
}

Scoring

ComponentPoints
MX records present15
SPF present + valid25
DMARC present + enforced25
DKIM present15
DNSSEC enabled10
MTA-STS configured5
TLS-RPT configured3 (bonus)
BIMI configured2 (bonus)
Maximum100

Grades: A (90+), B (80-89), C (70-79), D (60-69), E (40-59), F (<40)

Input

FieldTypeRequiredDefaultDescription
domainsarray[string]One of domains/domainsTextList of domains to check
domainsTextstringOne of domains/domainsTextNewline or comma-separated domains for bulk paste (10,000+)
dkimSelectorsarray[string]No14 common selectorsDKIM selector names to probe
checkDNSSECbooleanNotrueCheck DNSSEC
checkMTASTSbooleanNotrueCheck MTA-STS + TLS-RPT
checkBIMIbooleanNotrueCheck BIMI
checkSecurityHeadersbooleanNofalseCheck HTTPS security headers
timeoutintegerNo10DNS query timeout (seconds)
concurrencyintegerNo10Concurrent domain checks (1-100)
dnsResolverstringNosystem defaultCustom DNS resolver IP (e.g. 1.1.1.1)

Use cases

  • Cold email agencies: Audit client domains before outreach campaigns — ensure SPF, DKIM, and DMARC are configured so emails land in inbox, not spam
  • SEO agencies: Add email deliverability auditing to client reports as a value-add service
  • Lead generation teams: Filter prospect domains by deliverability score — skip domains that can't receive email
  • Security teams: Bulk-check domain portfolios for spoofing risk and DMARC enforcement gaps
  • Domain investors: Assess domain email infrastructure quality before purchase
  • SaaS operations: Monitor your own domain's email authentication posture over time
  • Compliance audits: Verify Google/Yahoo 2024 bulk sender requirements across all sending domains
  • MSPs: Audit all client domains as part of onboarding security checks

Performance

  • ~0.1s per domain (all DNS checks run in parallel per domain)
  • ~6-25 domains/second depending on concurrency
  • No proxy needed — pure DNS queries
  • No API keys needed
  • No login required
  • Scales to 10,000+ domains per run
  • Python 3.12, Apify SDK 3.x, dnspython 2.x

Pricing

Pay-per-event: $0.001 per domain checked. You only pay for results delivered. No subscription, no minimum. Check 1 domain for $0.001 or 10,000 domains for $10.

How it works

  1. Provide a list of domains (via domains array or paste into domainsText)
  2. The actor queries DNS records for each domain in parallel
  3. For each domain, it checks MX, SPF, DMARC, DKIM (14 selectors), DNSSEC, MTA-STS, TLS-RPT, and BIMI
  4. Results are scored 0-100 with letter grades and actionable recommendations
  5. All results are pushed to the Apify dataset as structured JSON
  6. A summary with aggregate stats is saved to the key-value store

Categories

SEO tools, Business, Lead generation, Developer tools