Bulk Email Deliverability Checker - SPF, DKIM, DMARC, MX
Pricing
Pay per usage
Bulk Email Deliverability Checker - SPF, DKIM, DMARC, MX
Audit thousands of domains for email authentication, DNS issues, and deliverability risk. Checks SPF, DKIM, DMARC, MX, DNSSEC, MTA-STS, TLS-RPT, BIMI. No login, no proxy, no API keys needed.
Pricing
Pay per usage
Rating
0.0
(0)
Developer
Jayesh Choolun
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
1
Monthly active users
a day ago
Last modified
Categories
Share
Bulk Email Deliverability Checker — SPF, DKIM, DMARC, MX
Audit thousands of domains for email authentication, DNS security, and deliverability risk. Check SPF, DKIM, DMARC, MX records, DNSSEC, MTA-STS, TLS-RPT, and BIMI in bulk. No proxy, no login, no API keys required — pure DNS queries.
Why email deliverability matters
Email authentication failures cost businesses real money. Domains without SPF, DKIM, and DMARC are vulnerable to spoofing, phishing, and spam filtering. Cold emails from unauthenticated domains land in spam. Google and Yahoo now require DMARC for bulk senders (2024 enforcement). This actor lets you audit any domain portfolio in seconds.
What it checks
| Check | Description |
|---|---|
| MX records | Mail exchange records + email provider detection (Google Workspace, Microsoft 365, Zoho, SendGrid, Mailgun, ProtonMail, and 15+ others) |
| SPF | Sender Policy Framework validation — single record check, all mechanism, DNS lookup count (RFC 7208 limit), +all danger detection |
| DKIM | DomainKeys Identified Mail public key probing across 14+ common selectors (google, default, selector1, selector2, k1, sendgrid, mailgun, etc.) |
| DMARC | Domain-based Message Authentication parsing — policy (none/quarantine/reject), subdomain policy, percentage, rua/ruf report destinations |
| DNSSEC | DNS Security Extensions — zone signing check via DO-flag UDP query (fast, no DNSKEY round-trip) |
| MTA-STS | SMTP MTA Strict Transport Security — TXT record + HTTPS policy file validation |
| TLS-RPT | TLS Reporting — failure report destination at _smtp._tls |
| BIMI | Brand Indicators for Message Identification — logo authentication record |
| Security headers | Optional: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy |
Output
Each domain produces a dataset item with:
domain— the domain namescore— 0-100 deliverability scoregrade— letter grade (A through F)emailProvider— detected email provider (Google Workspace, Microsoft 365, Zoho, etc.)spfValid— booleandmarcPolicy— none / quarantine / rejectdkimPresent— booleandkimSelectorsFound— list of selectors with public keysdnssecEnabled— booleanmtaStsPresent— booleantlsRptPresent— booleanbimiPresent— booleancriticalIssues— list of critical problemswarnings— list of non-critical issuesrecommendations— actionable fix suggestionsissuesCount— total issue count- Full nested details under
mx,spf,dmarc,dkim,dnssec,mtaSts,tlsRpt,bimi
A SUMMARY key-value store entry contains aggregate stats: total domains, average score, grade distribution, throughput.
Example output
{"domain": "cloudflare.com","score": 92,"grade": "A","emailProvider": "Other / Unknown","spfValid": true,"dmarcPolicy": "reject","dkimPresent": true,"dkimSelectorsFound": ["k1", "mandrill", "s1"],"dnssecEnabled": true,"mtaStsPresent": false,"tlsRptPresent": false,"bimiPresent": true,"criticalIssues": [],"warnings": ["MTA-STS not configured."],"recommendations": ["Configure MTA-STS to enforce TLS for inbound SMTP."],"issuesCount": 1}
Scoring
| Component | Points |
|---|---|
| MX records present | 15 |
| SPF present + valid | 25 |
| DMARC present + enforced | 25 |
| DKIM present | 15 |
| DNSSEC enabled | 10 |
| MTA-STS configured | 5 |
| TLS-RPT configured | 3 (bonus) |
| BIMI configured | 2 (bonus) |
| Maximum | 100 |
Grades: A (90+), B (80-89), C (70-79), D (60-69), E (40-59), F (<40)
Input
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
domains | array[string] | One of domains/domainsText | — | List of domains to check |
domainsText | string | One of domains/domainsText | — | Newline or comma-separated domains for bulk paste (10,000+) |
dkimSelectors | array[string] | No | 14 common selectors | DKIM selector names to probe |
checkDNSSEC | boolean | No | true | Check DNSSEC |
checkMTASTS | boolean | No | true | Check MTA-STS + TLS-RPT |
checkBIMI | boolean | No | true | Check BIMI |
checkSecurityHeaders | boolean | No | false | Check HTTPS security headers |
timeout | integer | No | 10 | DNS query timeout (seconds) |
concurrency | integer | No | 10 | Concurrent domain checks (1-100) |
dnsResolver | string | No | system default | Custom DNS resolver IP (e.g. 1.1.1.1) |
Use cases
- Cold email agencies: Audit client domains before outreach campaigns — ensure SPF, DKIM, and DMARC are configured so emails land in inbox, not spam
- SEO agencies: Add email deliverability auditing to client reports as a value-add service
- Lead generation teams: Filter prospect domains by deliverability score — skip domains that can't receive email
- Security teams: Bulk-check domain portfolios for spoofing risk and DMARC enforcement gaps
- Domain investors: Assess domain email infrastructure quality before purchase
- SaaS operations: Monitor your own domain's email authentication posture over time
- Compliance audits: Verify Google/Yahoo 2024 bulk sender requirements across all sending domains
- MSPs: Audit all client domains as part of onboarding security checks
Performance
- ~0.1s per domain (all DNS checks run in parallel per domain)
- ~6-25 domains/second depending on concurrency
- No proxy needed — pure DNS queries
- No API keys needed
- No login required
- Scales to 10,000+ domains per run
- Python 3.12, Apify SDK 3.x, dnspython 2.x
Pricing
Pay-per-event: $0.001 per domain checked. You only pay for results delivered. No subscription, no minimum. Check 1 domain for $0.001 or 10,000 domains for $10.
How it works
- Provide a list of domains (via
domainsarray or paste intodomainsText) - The actor queries DNS records for each domain in parallel
- For each domain, it checks MX, SPF, DMARC, DKIM (14 selectors), DNSSEC, MTA-STS, TLS-RPT, and BIMI
- Results are scored 0-100 with letter grades and actionable recommendations
- All results are pushed to the Apify dataset as structured JSON
- A summary with aggregate stats is saved to the key-value store
Categories
SEO tools, Business, Lead generation, Developer tools