Our Commitment to Free Tools

MxToolbox started out as a simple set of free tools for IT and Email administrators. Most of our customers used our original DNS, MX and Blacklist lookups to verify their website and email setup and understand why email wasn’t going through. Since those days, we’ve committed to continually adding useful free tools to help IT and Email professionals with their daily tasks. From A record (and AAAA record) lookups to Whois Lookup, we have you covered (and if there is a tool we’re missing, we encourage you to let us know).

Not only do we have a comprehensive list of tools, we continue to expand it: when we find a tool we need, we add it to the list. For example, we recently added the:

MTA-STS Lookup: This test checks a domain or hostname for an MTA-Strict Transport Security (MTA-STS) DNS TXT record and also for a valid MTA-STS policy.

Organize your MxToolbox Tools

We understand that not all our tools are for everyone, and that you use different groups of tools for different tasks: email, security, setup, etc. For your convenience, we organized our tools into categories:

  • All Tools: Every available free tool is housed under this tab.
  • Email: For email problems, this tab is your best bet
  • Network: To address potential network issues, try these tools.
  • Website: If you have any website queries, this tab provides answers.
  • DNS: You can find all tools related to DNS here.
  • New: This tab shows the most recent additions to our expanding toolbox.
  • My Favorite Tools: Your customized favorites list. For more information, see the corresponding section below. Learn how to setup your favorites

For a complete list of our free tools, click here. We always enjoy questions/feedback, so let us know about your MxToolbox tools experience. Be sure to use our tools to improve your email delivery rates!

Google and Yahoo are upping their game in 2024!

In the on-going battle against spam, Google and Yahoo have announced new standards for 2024 that will help protect their inboxes and curtail spam intrusions. This is great news for legitimate email senders who abide by email best practices as we expect other Inbox Providers and email services to follow their lead. However, your business may need to adapt to these new standards or risk missing the Inbox.

Google and Yahoo to Require SPF, DKIM, and DMARC

For Google, if your business sends more than 5,000 messages to Gmail addresses, you must adopt SPF, DKIM, and DMARC by February 2024. Yahoo will apply the same trio of requirements to “bulk senders” in the first quarter of 2024, though they have not defined what constitutes a bulk sender.

The new email requirements include both SPF and DKIM records for authenticating email-sending domains, a DMARC record for the domain, and a “From” header that matches either the SPF or DMARC record, known as “alignment.” In addition, marketers must keep spam rates below 0.3% and provide the ability to unsubscribe with a single click if the recipient chooses.

What does this mean for your business?

Google’s and Yahoo’s requirements are a critical move to reinforce your company’s email best practices. With the two largest email providers taking major steps to secure inboxes, more Inbox Providers will adopt similar DMARC policies in the future. Getting prepared will be key.

If your company has already enabled SPF, DKIM and DMARC, you get a boost. Your messages will have to compete with fewer poorly configured emails or spam messages. Your email has protection against impersonation through better authentication and, with DMARC, you are able to see SPF and DKIM configuration issues that would put your email delivery at risk and detect spammers attempting to use your domain for fraud of phishing. If you have not configured SPF, DKIM and DMARC, you have a short window to get prepared. Regardless of your SPF, DKIM and DMARC configuration, however, the requirement to maintain a low rate of being marked as “spam” could really hurt you if you are purchasing email lists.

How Can MxToolbox Help?

With these upcoming changes to Google and Yahoo, now is the perfect time to use our various tools and products to improve your email deliverability!

Since DMARC will soon be a requirement for those providers, MxToolbox Delivery Center will help your sending domain achieve the best possible email delivery rates, including managing your DMARC setup. In addition, our Inbox Placement feature will tell you if your campaigns are being sent to the Spam/Junk folders or actually making it to inboxes, as well as which Inbox Provider(s) you are having trouble sending to.

MxToolbox is the Expert on email delivery. We offer a wide range of free and subscribed options, so be proactive now and take advantage of them before these new 2024 guidelines are applied to your outgoing newsletters and marketing campaigns.

Seriously, Stop Buying Email Lists

In the early days of the Internet, purchasing a list of email addresses was a legitimate business tactic. Lists were a new thing, sending an email was basically free, email servers accepted almost all email and spam was not much of a problem.

Spam Unsolicited email that is sent in bulk.

Let me say this unequivocally, if you purchase and use email lists, You Are A Spammer. Any email sent in bulk that was not opted into by the recipient is considered spam. If you have zero prior contact with this email address, you are spamming it. It does not matter if you have a legitimate business and that you are not trying to scam the recipient, your email is still unwanted. Think of email spam as equivalent to the pile of unwanted ads in your regular mailbox. You didn’t ask for it and it wastes your time and resources to get rid of it.

Inbox Providers Have Ramped Up Spam Defenses

The main goal for Inbox Providers is to protect their users by eliminating irrelevant, unwanted and dangerous emails. Over the last 20 years, Inbox Providers have applied multiple layers of defenses around their inboxes:

  • Checking senders against Blacklists/Blocklists
  • Refusing non-TLS encrypted email
  • Checking SPF, DKIM and DMARC configurations and then bouncing non-compliant email
  • Scanning email attachments for malware
  • Scanning email links for potential malware websites
  • Checking content for known spammy verbiage
  • Deprioritizing email campaigns sent to closed, unused, or non-existent accounts
  • Aggregating sentiment across recipients

Now, using Aggregate Sentiment algorithms and AI, Inbox Providers can detect campaigns that have low relevance, start from purchased lists, or are likely to be marked as spam and drop the entire campaign in the spam folder. Further, some senders dependent on purchased email lists have reported all email from their domain being binned – essentially burning out their sending domain.

What can you do?

The first thing you need to do it stop depending on purchased email lists for prospecting, continuing to do so could burn out your domain reputation. To do this, you need to look at other methods for lead generation:

  • Online advertising
  • Word of mouth
  • Social media advertising
  • Opt-in email newsletters

How can MxToolbox help?

If you have burned out your sending domain, MxToolbox can help you setup a new email sending domain, configure email best practices, etc. however, you must change your email practices or this will happen again. DMARC, and a DMARC management tool like MxToolbox Delivery Center will help your sending domain achieve the best possible email delivery. In addition, our Inbox Placement feature will tell you if your campaigns are being dumped into the spam folder or making it to the Inbox and analyze your email for potential inbox placement issues.

Uncover your Email Problems with our Email Delivery Tools

Email delivery is probably the most important connection between Marketing Art and Information Technology. Whether your email is driving sales, connecting to vendors or simply for internal communications, an email that fails to make the Inbox is a failure of communications that can cost your business.

Email Health

A tool that is often overlooked yet is highly beneficial for your email deliverability is our Email Health Report. This tool executes hundreds of domain/email/network setup tests to ensure all of your systems are online and performing optimally. The report returns results for your domain and highlights critical problem areas that need to be resolved.

  • Get full visibility of your email’s health status in one concise report.
  • Identify every problem facing your email, including blacklist, mail server, web server, and DNS issues.
  • Be proactive about email health and detect any current email issues before they cause email failures.

Major MxToolbox Email Delivery Tools

Email delivery is a constantly changing technology landscape. Inbox providers change policies and technologies to protect their users and spammers change methods to get their unwanted messages read. MxToolbox is the Expert in Email Delivery and provides tools to better help you understand your legitimate email delivery issues.

  • Blocklist (IP or Host): The blocklist check tests a mail server’s IP address against over 100 DNS-based email blocklists.
  • DMARC Delivery Report: This tool creates comprehensive DMARC reports, providing insight into potential issues and any needed changes to your DMARC policy.
  • DMARC Report Analyzer: This option makes DMARC Aggregate XML reports human readable by parsing and aggregating them by IP address into helpful reports.
  • Email Bounceback Analyzer: This analyzer returns details regarding the bounce error, such as the inbox provider, why the message bounced, and additional information to help remedy the issue.
  • MTA-STS Lookup: This test checks a domain or hostname for an MTA-Strict Transport Security (MTA-STS) DNS TXT record and also for a valid MTA-STS policy.
  • Spam Analyzer: This tool uses the SpamAssassin software to analyze your message and return a spam score from over 711 various criteria.

Inbox Placement Analysis

Our Inbox Placement tool analyzes your campaign emails before you send them. We determine if the email will make the inbox at major Inbox Providers like Google, Yahoo! and Outlook.com/Office365. We also analyze important technology and soft factors like:

  • DMARC Compliance
  • Broken or copious links
  • Wordiness
  • Broken or too many images
  • Spammy verbiage
  • Other indicators of spam

Inbox Placement is a feature of all paid Delivery Center plans, so you can test your marketing emails and improve your DMARC compliance all in one place.

Does DMARC and email deliverability seem too complicated?

MxToolbox Experts are here with a Managed Services approach to your email configuration issues.

Validity goes behind a Paywall

Validity recently announced that their Universal Feedback Loop ARF reports were no longer a free service but going to be a paid subscription. They are replacing their individual ARF reports with a free aggregate report today.

What is Validity ARF Reports?

Abuse Reporting Format (ARF) is standard that allows Inbox Providers to provide Feedback or Recipient Complaint information to legitimate email senders. The data contained in a ARF report can be as limited as the subject of the email and number of complaints or may be highly detailed information, like:

  • Date and Time of the Complaint
  • Date and Time of the Email Sent
  • Subject of the email
  • Email Addresses Unsubscribing
  • Email Addresses Complaining
  • Email Addresses Failing
  • Type of Failure or Complaint

However, Validity ARF reports only contain minimally actionable information: Subject, Date and Type of Complaint and email header with obfuscated recipient data.

Who does the change affect?

MxToolbox Delivery Center customers with a Validity Feedback Loop/Complaint integration will lose access to new Validity data on September 22, 2023. MxToolbox is investigating the value of integrating with their free aggregate version of the Universal Feedback Loop systems or terminate the integration with Validity.

Our product team is constantly evaluating the potential for new integrations to ensure that our Recipient Complaints feature provides detailed, actionable insight to our customers. While Validity ARF reports contained some actionable insight when free, the impact when compared to DMARC data and other sources of Feedback Loops will be minor to most customers.

MxToolbox’s Stance

MxToolbox has always been an advocate for improving email delivery and an early adopter of DMARC and Feedback Loop aggregation technology. Feedback Loops were intended to be used to improve the quality of email and reduce the quantity of unwanted email, so, placing Feedback Loop and Complaint information behind a paywall seems like the wrong direction. The additional costs will be especially rough for small-to-medium businesses to bear.

MxToolbox Free Email Delivery Tools

MxToolbox has always been a provider of Free Email Delivery Tools. From our early days Blacklist Lookups and Monitors have been free to use. We continue to expand our suite of free tools to help businesses improve email delivery.

Email Content is King! sort of

The essence of a good email is sending the right message to the right person at the right time. Unfortunately, many email marketers make several common mistakes:

  1. Assuming that Email is Free
  2. Assuming that “Good” content is the same for all recipient personas
  3. Assuming that more content is better

#2 and #3 are understandable. After all, your team might have spent a lot of time and effort to create quality content and you want to get your money’s worth. Reusing content, combining it with other pieces, or calling it out in different ways are marketing best practices. However, there are some other best practices that need to be adopted as well.

Generic is boring

There is an American electronics retailer that emails me several times a week. Unfortunately, the content is often the generic “We have new products!” or “We have a sale!” with a call to action that really means “search on our website (to maybe sorta, kinda see if there is anything relevant to you)”. Why should I bother? It’s lazy, generic marketing that makes me work to find any value in it. It’s a throwback to the Sunday newspaper advertisement circulars that had a little bit on sale for everyone; but that is now obsolete.

If you are sending a generic email like this, stop now. There are better ways to engage potential customers through simple segmentation or self-selected segmentation. For example, this retailer could send out an email by brand (Samsung, Apple, LG, etc), or by category (appliance, PC, mobile, smart tv, etc.), giving the recipient enough information to entice further interaction with their site. While still somewhat generic, it is more targeted and there are is direct value to open it if I resonate with that brand or product. Even better would be a tailored email of new and sale items based on prior browsing and purchase history.

Brevity is the soul of wit

Brevity is also the key to engagement. Do you read long emails from advertisers? Most people don’t. A short, direct email with a clear call to action gets more attention than a lengthy email, no matter how well written. This is easier to accomplish once you stop sending generic emails.

A picture is worth a thousand words…

And, many pictures can be confusing… One or two images per major idea should be sufficient to communicate your brand values and the ideas you need to get across. Just as with brevity in verbiage, more meaningful, connected images make a larger impact.

A broken link goes nowhere

A broken or malformed link also does you no good. Checking the number and endpoints of every link, especially calls-to-action will improve the quality of your email and may potentially save you from looking like spam.

Email Delivery

While these Best Practices are written to improve content to achieve better email performance from a marketing, they will also improve your email delivery. Inbox Providers are attempting to serve users by prioritizing relevant email. Large, generic emails, or emails with many images or links look suspicious. In addition, because these types of emails tend to have poor open rates, they are also more likely to be mistaken for spam.

How can MxToolbox Help?

Our Inbox Placement tool analyzes your campaign emails before you send them. We determine if the email will make the inbox at major Inbox Providers like Google, Yahoo! and Outlook.com/Office365. We also analyze important technology and soft factors like:

  • DMARC Compliance
  • Broken or copious links
  • Wordiness
  • Broken or too many images
  • Spammy verbiage
  • Other indicators of spam

Inbox Placement is a feature of all Delivery Center plans, so you can test your marketing emails and improve your DMARC compliance all in one place.

Does DMARC and email deliverability seem too complicated?

MxToolbox Experts are here with a Managed Services approach to your email configuration issues.

Google expands support for BIMI: Is it time to dive in?

Google recently rolled out additional support for BIMI through their Gmail.com webmail application and mobile apps.  Since Google is one of the largest Inbox Providers in the world, this should be an exciting step forward for BIMI and for Marketers wanting to reach potential customers.  (For more information on BIMI, click here.)

Google’s Implementation

On Gmail.com and Google mobile applications, users will see a checkmark and BIMI logo next to an opened email as in the image below.  In addition, Google mobile applications will display the logo next to the sender in the Inbox view by the subject line.  BIMI logos should lead to an uptick in Open Rates and Click-through Rates because of additional confidence in the “certified” origins of these emails.

In order to have your logo displayed, Google requires you to:

  1. Setup SPF, DKIM and DMARC
  2. Have a DMARC Policy set to 100% Reject for email failing DMARC
  3. Generate and post a correct BIMI logo
  4. Have a Verified Mark Certificate (VMC)

The first two steps will dramatically improve a sender’s email delivery and email reputation.  Adopting DMARC gives Inbox Providers more assurance that your email is legitimate and not spam, while a strict DMARC policy prevents your email domain from being used in phishing and fraud attacks.  A VMC is designed to protect both Google and your brand by certifying the owner of the logo and domain.  Unfortunately, a VMC costs roughly $1100-$1500 annually per Email Sending Domain, which makes it expensive for many small businesses.

What other Inbox Providers support BIMI?

The BIMI working group has a list of all current Inbox Providers that support BIMI.  The good news is that big, global Inbox Providers like Apple, Yahoo!, and now, Google support BIMI as do several smaller or local providers like Fastmail and LaPoste.  This list appears to be growing.

Unfortunately, consistent logo display is an issue.  Many Inbox Providers only have partial support for BIMI or support different rules for displaying BIMI logos online vs via mobile applications.  In addition, many providers do not support BIMI logos in the Inbox view, where most people make the decision on whether or not to open the email.  This reduces the impact to Open Rates and subsequent downstream effects, like Click-through rates and Sales.  

MxToolbox Expert Take

Increased support for BIMI is a great sign for the technology.  After over four years of moving glacially forward, we’re hopeful that this will increase the pace of BIMI adoption.  To a Marketer, the idea of having your logo proudly displayed next to your verified email in the Inbox both increases the chance of the recipient opening the email and improves the reputation of the brand. 

There are Drawbacks

However, the current level of support does not entirely live up to that promise: few Inbox Providers display the logo in the Inbox where Open Rates will be affected. In addition, the extra expense associated with a Verified Mark Certificate might be considered burdensome for many small businesses, leaving gains to the larger businesses and brands.  While the extra security from a VMC is like that of an SSL certificate for ecommerce, the additional value BIMI provides may not be there for every brand yet.  

There are Alternatives

Finally, both Google and Microsoft already have other ways to display user images or logos in the message view of an individual email.  If the sender is a Google Workspace user, their preferred image will be displayed in the same spot as the BIMI logo.  Microsoft offers Microsoft Business Profile program to create a unique identifier card. Office Web Apps in Office 365 and Outlook.com use the verified icon provided to Microsoft when a company joins the program.  A savvy marketer might be able to get much of the BIMI effect from these alternatives.

MxToolbox Recommendation

Focus on the basics of Email Delivery: Technologies like SPF, DKIM and DMARC, and Best Practices in email list management and content relevance. Once your DMARC configuration is really set, then think about icing the cake with BIMI.  To get started with BIMI, check out our Knowledge Base and free BIMI Lookup tool.

Adopting DMARC and getting DMARC to a strict policy is imperative for good email delivery and adopting BIMI. Get started today with MxToolbox Delivery Center.

The Case for SPF Flattening

SPF is an integral part of email delivery.  If your email is not SPF Compliant it has little chance of reaching your intended recipient.  To be SPF Compliant, you must list all of your valid email sources in your SPF record which delegates sending authority to them.  Each provider will have a recommended list of IP addresses to include as part of their setup instructions.  Unfortunately, here’s where SPF can get complicated.

What are the limitations of SPF?

The more email sources you have, the more you need to include in your SPF record.  Many companies utilize multiple email vendors, for example:

  • Inbox Providers – Office365, Google Workspace, Exchange
  • CRMs – Salesforce, Hubspot, Zoho
  • Marketing Automation – Marketo, Eloqua, etc.
  • Order Fulfillment – Netsuite, etc.
  • Support Systems

Each of these systems will have a list of IP addresses to include in your SPF records to ensure that the email they send on your behalf is compliant.  Often, these lists include multiple additional lookups.  SPF has a hard limit of ten (10) lookups for a sending domain. Unfortunately, with even a small number of email sending vendors, it is extremely easy to hit the SPF lookup limit and put your email delivery in jeopardy

What is SPF Flattening?

SPF Flattening, SPF Refactoring, SPF Restructuring, etc. is all basically the same thing:  repacking all of the valid sending IP addresses for your domain and your senders into fewer SPF records so that every sending IP address is accurately represented and SPF lookup limits are maintained.

Types of SPF Flattening

You have two distinct choices for reducing the SPF lookups in your SPF records:  manual or automatic.  There are pros and cons for both methods we’ll discuss below.

Manual SPF Flattening

Manual SPF Flattening requires understanding all the lookups in your vendors SPF includes.  You manually take each included record, parse them out, remove duplicates and create a new SPF record.  This can be as simple as removing a few duplicate entries (Gmail is often included in many provider SPF records) or completely refactoring the list of IP addresses at the IP block level.

The advantage here is that you are intimately familiar with every IP address that your company uses to send and you can eliminate blocks of IP addresses that you are not actually sending from.  A lighter, tighter SPF record is thought to be more secure and protect from potential spoofing or fraud because it reduces the attack surface area.

Unfortunately, the disadvantages of this approach are fairly large.  Manual parsing is time-consuming and knowledge-intensive.  In addition, vendors can and will often change the pool of IP addresses they send from..  This, in turn, forces you to update your SPF records to maintain good email delivery.  Finally, manual modifications create a risk of human error or choices that could cause omission of valid sending IP addresses, further risking your email delivery.

Automatic SPF Flattening

Automatic SPF Flattening involves a script or service that hosts your SPF records for you.  An SPF Flattening service will regularly check the email sources you specify should be part of your SPF records, parse, deduplicate and refactor them to ensure a “flat” SPF record that meets the lookup restrictions on SPF.  

The advantage of a fully-automated SPF Flattening service is the low-maintenance.  Your SPF records will be constantly updated as your legitimate email senders update their sending configurations.  Need a new vendor added?  Update the SPF Flattening host configuration and it’s parsed into your records.

The main disadvantages of automated SPF Flattening are cost and control.  Some providers charge by lookup served, others by domain, while others charge for each time the records are flattened or updated.  There is also a degree of control lost when outsourcing to a 3rd party.  You are now dependent on your host for accurate SPF records, timely updates and uptime.

There are also hybrid flattening options available, where you get a one-time flattened record for a fee and continue to host your own SPF record.  These services do not have automatic update capability or hosting, but they simplify the restructuring of your SPF record and allow you to control what you put in your DNS.  The trade-off here being more maintenance but less cost and more control.  

How can MxToolbox help?

You first need to know if you have a problem before solving it.  MxToolbox offers a Free SPF Lookup Tool where you can check your real-time SPF configuration for errors, including the risk of “Too Many Includes”.  

If you have Too Many Includes in your SPF record, we also offer SPF Flattening as part of our Delivery Center Plus package.  Delivery Center Plus also provides everything else you need to manage your email delivery:

  • Inbox Placement Analysis
  • Recipient Complaint Reporting
  • DMARC Email Delivery Performance Reports
  • Email Configuration Analysis
  • Adaptive Sender Blacklist Monitoring
  • Inbound + Outbound MailFlow Monitoring
  • Domain Impersonation Protection
  • Advanced Email Delivery Threat Tools
  • SPF Flattening

Recent Yahoo DMARC Reporting Issues

Over the weekend, Yahoo! experienced issues with DMARC reporting to email senders.  DMARC processing reports appeared garbled which rendered the reports unusable.  

What is a DMARC Report?

DMARC reports are critical to understanding email delivery.  They contain XML descriptions of email delivery results sent by Inbox Providers to email senders and DMARC reporting tools.  A DMARC report details email volume, SPF, DKIM and DMARC compliance information for a domain sending to that Inbox Provider. It is important for emailers to act upon the information in a DMARC report to improve their email delivery and protect their brand.

How does this affect Email Senders?

MxToolbox Delivery Center customers and others that sent email to Yahoo! over the weekend will not have accurate information on their DMARC reports back from Yahoo! This will appear as lower than normal email volume, but this should not affect compliance rates.

It is possible that Yahoo! will resend the information now that the issue has been corrected, but it is unlikely.  It is also possible that the data is no longer available or was corrupted at the source, so users can expect a hole in the data for the weekend.

Does this make DMARC less reliable?  How does this affect DMARC reporting?

This appears to be a one-time issue with Yahoo!   The issue appears to be DMARC reporting, and not DMARC compliance processing, so this does not affect email security or the value of DMARC as an email delivery technology nor does it seem to affect inbound email.  DMARC compliant email will always be prioritized over non-compliant email by large Inbox Providers like Google, Outlook.com and Yahoo!  The main issue is a short-term lack of information from one Inbox Provider, not an issue with DMARC itself.

MxToolbox Helps You Process DMARC Reports

If you have a single, small DMARC report to checkout, MxToolbox provides a free DMARC Report Analyzer.  This will give you good insight into how compliant your email was to a single Inbox Provider over a short period of time.

Getting DMARC compliant will improve your email delivery.  To achieve DMARC compliance, you need a DMARC Reporting tool like MxToolbox Delivery Center.  Delivery Center processes, aggregates and analyzes all your DMARC reports across all Inbox Providers.  You get a single interface to understand your SPF, DKIM and DMARC compliance across all your senders.

Why are my SPF Pass Rates so low?

SPF is an important technology for email delivery.  If your email is not SPF compliant, then it is highly unlikely that an Inbox Provider will deliver the email to the recipient’s inbox.  Inbox Placement is key to getting your message heard and SPF compliance is key to making the Inbox.  MxToolbox Delivery Center provides a comprehensive resource for understanding and managing SPF, DKIM and DMARC compliance, but there are few things you need to know about SPF regardless of the tools you choose.

SPF Compliance

To be SPF Compliant, an email must SPF Authenticated and SPF Aligned.  The standard provides a strict compliance that also allows a domain to designate 3rd parties as valid senders.

SPF Authentication

An email is considered SPF Authenticated when the email originates from an SMTP server on an IP address that is contained in the sending domain’s SPF records.  This enables a business to designate a 3rd party emailer as a valid sender of email.  

SPF Alignment

SPF uses the header of the email to determine Alignment.  An email is considered SPF Aligned when the domain in the “From:” address of the email is the same as the domain in the Return-Path field of the header or with a domain that is Authenticated with the valid list of senders in the SPF record.

MxToolbox SPF Pass Rates

MxToolbox has two metrics useful for understanding SPF Compliance: SPF Authentication Rates for Aligned Domains and SPF Pass Rates for Verified Sources.  These metrics enable you to report upon and analyze your email providers for areas to improve upon.

SPF Authentication Rates for Aligned Domains

As part of our SPF management processes, MxToolbox Delivery Center gathers a list of valid return path domains and subdomains and analyzes the amount of email from these SPF Aligned domains that is properly SPF Authenticated.   Email that is Aligned but not properly Authenticated indicates that one or more email senders are missing from your SPF records, or that your SPF records are too large and violate SPF include rules.  You will need to add the missing senders to your SPF record or use an SPF Flattening tool.

SPF Pass Rates for Verified Sources

As part of MxToolbox Delivery Center, we automatically detect the sources that are sending email on behalf of your domain. These include your own servers, your corporate Inbox Provider, 3rd party marketing tools, CRMs, etc.  Verified Sources should be in your SPF records, meaning they should be Authenticated. 

Our second analysis looks at the SPF Alignment rates for each of these Authenticated senders – the SPF Pass Rate.  A low SPF Pass Rate for a sender indicates that the sender’s “From” and “Return-Path” domains are not the same or not contained in your SPF record.  Unknown sources that arise from this analysis could be threats to your brand or rogue senders that need to be added to your SPF records.

There are potentially several reasons for low SPF Pass Rates for Verified Sources:

  • Spoofing – A malicious actor is trying to use your domain to legitimize their spam or malware.
  • Forwarding – Many people use inbox forwarding or mailing lists to manage email distribution or aggregate email. Forwarded email will change the return-path, breaking SPF Alignment.
  • Missing Senders – Someone may have legitimately contracted with a 3rd party emailer and failed to add the full or correct entry to the SPF record. The sender could be SPF Aligned, but not Authenticated.

To fully understand why your SPF Pass Rate for a Verified Source you need to investigate the largest sources of misaligned email, SPF Unaligned Domains. Typically, you will see benign domains like gmail.com, googlemail.com, and other subdomains of legitimate senders. Occasionally, you’ll see large volumes from other sources, which could be benign or fraud. Investigating these can improve your email delivery.

Does DMARC and email deliverability seem too complicated?

MxToolbox Experts are here with a Managed Services approach to your email configuration issues.