Domain Monitoring

Track your email authentication health — get alerts when something breaks

What You Get

🛡️

Email Authentication

SPF, DKIM, and DMARC records checked daily. Alerts on any change — including dangerous DMARC policy downgrades.

🚫

Blacklist Monitoring

Your mail server IPs checked against 11 major DNSBLs including Spamhaus, SpamCop, and Barracuda. Alerted on listing and delisting.

🔒

Transport Security

MTA-STS, DANE, DNSSEC, and TLS-RPT records monitored for changes that could weaken your mail transport encryption.

📜

TLS Certificates

Certificate expiry dates tracked for your top MX servers. Know before your STARTTLS breaks.

📊

DMARC Report Analysis

Compliance rate tracked from aggregate reports. Alerted when compliance drops below 90% or new unauthorized senders appear.

💯

Health Score

A 0–10 score combining all checks into a single at-a-glance rating: Excellent, Good, Fair, Poor, or Critical.

How It Works

📝

Enter your domain and alert email address.

✅

Verify

Add a DNS TXT record to prove domain ownership.

📡

Monitor

Daily automated checks. Email alerts when something changes.

Monitor your domain’s SPF, DKIM, DMARC, blacklists, and MTA-STS. Continuous monitoring with alerts.

Looking for a free one-time scan? Outbound Test.

Domain Alert Email DKIM Selector (optional)

Optional. We automatically check 16 common selectors. Only needed if yours is non-standard.

What is a DKIM selector and how to find yours

A DKIM selector is the prefix used to locate your DKIM public key in DNS. Your DKIM signature header contains s=selector_name, and the public key lives at selector_name._domainkey.yourdomain.com.

Common Providers

Provider	Selector(s)
Google Workspace	google
Microsoft 365	selector1, selector2
Mimecast	mimecast
Proofpoint	proofpoint
SendGrid	sendgrid, s1
Mailchimp	mailchimp, k1
Amazon SES	amazonses
Postmark	postmark

Send an email to yourself and view the raw headers. Look for DKIM-Signature: and find the s= tag — that's your selector.Domain Scan on your domain — it discovers DKIM selectors automatically. Or check your email headers for the DKIM-Signature s= tag.

Webhook URL (optional)

Receive alerts as JSON POST to this URL. Must be HTTPS.

Why DNS verification?

We verify domain ownership to prevent abuse. Anyone could enter any domain — the TXT record proves you control this domain's DNS. The record is only needed during verification and can be removed afterward.

✅ Domain Registered

Add this DNS TXT record to verify ownership:

Record Name

Record Value

Copied!

Your DNS Provider

Add a TXT record in your DNS management panel with the record name and value shown above. TTL can be left at default.

Once verified, you'll be redirected to your monitoring dashboard where you can see your first health check results.

Checks run once every 24 hours. You'll receive an email alert within minutes of a detected change.

When Do You Get Alerted?

Record Changes

SPF record added, removed, or modified
DKIM configuration changed
DMARC record changed
DMARC policy downgraded (e.g., reject → quarantine → none)
MTA-STS record changed

Blacklists

Mail server IP listed on a blacklist
Mail server IP removed from a blacklist

DMARC Reports

7-day DMARC compliance drops below 90%
No DMARC aggregate reports received for 72+ hours
New unauthorized sender detected (>100 messages failing authentication)

Failures

Domain checks fail 3 times in a row

Frequently Asked Questions

What exactly is checked?

Every 24 hours we query your domain's DNS for: SPF record, DKIM keys (16 common selectors + yours), DMARC record and policy, MX records, MTA-STS, DANE/TLSA, DNSSEC, and TLS-RPT. We also check your mail server IPs against 11 blacklists and verify TLS certificates on your top MX hosts.

What happens if a check fails?

Transient DNS failures are expected. You're only alerted after 3 consecutive failures, reducing false alarms from temporary network issues.

Can I monitor multiple domains?

Yes. Register each domain separately. Each gets its own dashboard and alert email.

How do I stop monitoring?

Every alert email includes an unsubscribe link. Click it to permanently stop monitoring and delete your data.

What is the health score?

A 0–10 composite score based on: SPF (2 pts), DKIM (2 pts), DMARC (2 pts, policy-dependent), MX (1 pt), Blacklists (1 pt), MTA-STS (0.5 pts), DANE (0.5 pts), TLS-RPT (0.5 pts), DNSSEC (0.5 pts). Ratings: 9+ Excellent, 7+ Good, 5+ Fair, 3+ Poor, below 3 Critical.

Is this really free?

Yes. No account required, no credit card, no usage limits beyond anti-abuse rate limiting.

How long is check history kept?

Check results are retained indefinitely while monitoring is active. Unsubscribing deletes all stored data.