Doptar™ Deliverability Doctor

Sample reports

Public-DNS-only examples of what a report looks like. No login required, no messages sent, no records changed, no personal data needed.

Check your client list in bulk · check a single domain →

Batch view

The same three domains ranked the way a bulk check presents them — highest risk first.

3Domains checked
1Urgent
1Needs work
1Healthy

Fix these first: no-protection.example (44), setup-gaps.example (75)

DomainScoreStatusTop issueTop fixIssues
no-protection.example44/100At riskSingle SPF recordMerge duplicate SPF records2 critical · 1 warning
setup-gaps.example75/100Needs workDMARC policyStrengthen your DMARC policy1 critical · 1 warning
healthy-agency.example100/100HealthyNo urgent issuesNone neededNone

Healthy domain

SPF, DKIM, DMARC and MX are all configured the way email providers expect.

100/100
Healthy

This domain's core email authentication looks healthy.

healthy-agency.example · DKIM selector: default

No urgent fixes found. Keep an eye on this as your sending setup changes.

All checks

  • Mail servers (MX)Pass

    Found 1 mail server record for this domain.

  • SPF recordPass

    An SPF record is published for this domain.

  • SPF DNS-lookup limitPass

    SPF uses about 2 DNS lookups, within the limit of 10.

    This is an estimate of top-level lookups; nested includes can add more.

  • SPF enforcementPass

    SPF ends with "-all", so servers that are not listed are rejected (hard fail).

  • Detected sending sourcesInfo

    SPF references 2 sending sources.

    Detected includes: _spf.mail-provider.example, _spf.backup-provider.example. Confirm these match the services you actually send through.

  • DMARC recordPass

    A DMARC record is published at _dmarc.healthy-agency.example.

  • DMARC policyPass

    DMARC policy is "reject" - the strongest protection.

  • DKIMPass

    A DKIM record was found for selector "default".

  • This report is based on public DNS records only.
  • No CRM login is required and no messages were sent.
  • No CRM records were changed and no DNS records were modified.
  • No personal data is needed or stored.
  • These are recommendations only. Inbox placement depends on many factors beyond DNS.

Domain with gaps

The basics exist, but an over-long SPF record and a monitor-only DMARC policy leave gaps.

75/100
Needs work

This domain has some email authentication gaps to fix.

setup-gaps.example

Top fixes

  1. Strengthen your DMARC policyA policy of "none" only monitors. Once your sources pass authentication, move to "p=quarantine" and then "p=reject".
  2. Reduce SPF DNS lookupsSPF allows at most 10 DNS lookups. Remove unused "include:" entries or flatten them so sending does not silently fail.

All checks

  • Mail servers (MX)Pass

    Found 1 mail server record for this domain.

  • SPF recordPass

    An SPF record is published for this domain.

  • SPF DNS-lookup limitAction needed

    SPF uses about 11 DNS lookups, over the limit of 10.

    Above 10 lookups SPF fails with a permanent error. This is an estimate of top-level lookups; nested includes can add more.

  • SPF enforcementPass

    SPF ends with "~all", so mail from servers that are not listed is soft-failed (marked suspicious, not rejected).

  • Detected sending sourcesInfo

    SPF references 11 sending sources.

    Detected includes: a.example, b.example, c.example, d.example, e.example, f.example, g.example, h.example, i.example, j.example, k.example. Confirm these match the services you actually send through.

  • DMARC recordPass

    A DMARC record is published at _dmarc.setup-gaps.example.

  • DMARC policyNeeds attention

    DMARC policy is "none" - it monitors only and does not yet protect this domain.

    Once your legitimate sources pass authentication, move the policy to "quarantine" and then "reject".

  • DKIMInfo

    DKIM was not checked because no selector was provided.

    DKIM records live at "<selector>._domainkey.<domain>". Enter the DKIM selector from your email provider to include this check.

  • This report is based on public DNS records only.
  • No CRM login is required and no messages were sent.
  • No CRM records were changed and no DNS records were modified.
  • No personal data is needed or stored.
  • These are recommendations only. Inbox placement depends on many factors beyond DNS.

Exposed domain

Open to spoofing: duplicate SPF records, a wide-open rule, and no DMARC at all.

44/100
At risk

This domain has serious email authentication problems.

no-protection.example

Top fixes

  1. Merge duplicate SPF recordsOnly one SPF record is allowed. Combine every "v=spf1" record into a single TXT record, then remove the extras.
  2. Publish a DMARC recordAdd a TXT record at "_dmarc.<your-domain>" starting with "v=DMARC1; p=none;" to begin monitoring, then strengthen it over time.
  3. Tighten the SPF ruleEnding SPF with "+all" lets anyone send as your domain. Use "-all" (strict) or "~all" (soft fail) instead.

All checks

  • Mail servers (MX)Pass

    Found 1 mail server record for this domain.

  • SPF recordPass

    An SPF record is published for this domain.

  • Single SPF recordAction needed

    More than one SPF record was found, which breaks SPF entirely.

    Receivers ignore SPF when a domain has multiple records. Merge them into one record beginning with "v=spf1".

  • SPF DNS-lookup limitPass

    SPF uses about 1 DNS lookup, within the limit of 10.

    This is an estimate of top-level lookups; nested includes can add more.

  • SPF enforcementNeeds attention

    SPF ends with "+all", which lets any server send as this domain.

    Use "-all" (strict) or "~all" (soft fail) so unauthorized servers are not allowed to send as this domain.

  • Detected sending sourcesInfo

    SPF references 1 sending source.

    Detected includes: mailer.example. Confirm these match the services you actually send through.

  • DMARC recordAction needed

    No DMARC record was found at _dmarc.no-protection.example.

    DMARC tells receivers what to do with mail that fails authentication and gives you visibility into spoofing.

  • DKIMInfo

    DKIM was not checked because no selector was provided.

    DKIM records live at "<selector>._domainkey.<domain>". Enter the DKIM selector from your email provider to include this check.