Bulk Email Deliverability Checker 📧 — MX, SPF, DKIM, DMARC & BIMI

Check email deliverability for thousands of domains in a single run. This bulk email deliverability checker queries every domain's DNS records for MX (mail servers), SPF (sender policy), DKIM (signing keys), DMARC (spoofing protection) and BIMI (brand logos) — the five pillars of email deliverability. Each domain gets a detailed report with pass/fail per protocol, a parsed policy breakdown, and a numeric 0–100 deliverability score with A+ to F grading.

Paste a list of domains and the actor resolves all DNS records in parallel via DNS-over-HTTPS. A single domain with full email config yields a rich row with MX server lists, SPF includes and policy, 30+ probed DKIM selectors, DMARC tags and BIMI SVG URL.

Looking for an email deliverability checker, a bulk SPF/DMARC audit tool, a DKIM record finder, a BIMI checker, or a free email authentication scanner? This actor does all five protocols at scale.

---

✨ Key features

• 📬 5-protocol audit — MX, SPF, DKIM, DMARC and BIMI checked in a single run per domain.
• 🎯 Numeric score (0–100) — each protocol carries a weight (MX=25, SPF=25, DMARC=25, DKIM=15, BIMI=8). Graded A+ to F.
• 🧩 Deep SPF parse — extracts the enforcement policy (+all/~all/-all/?all), counts DNS lookups (RFC limit is 10!), and lists all include: mechanisms.
• 🔑 DKIM selector discovery — probes 31 common selectors (google, sendgrid, mailgun, docusign, microsoft, etc.) and reports which ones exist.
• 📜 Full DMARC tag parse — p (policy), pct (percentage), rua (aggregate reports), ruf (forensic reports), sp (subdomain policy).
• 🖼️ BIMI check — queries default._bimi.<domain> and extracts the SVG logo URL if present.
• 📋 Issues list — human-readable problems found per domain (e.g. "No DMARC record — no protection against domain spoofing").
• ⚡ High concurrency — configurable parallel DNS queries (default 10, up to 100).
• 🔑 No API key — uses public DNS-over-HTTPS (Cloudflare + Google fallback).

💡 Use cases

• Cold email campaign prep — audit the email infrastructure of your prospect list before sending; flag domains with no MX or weak SPF.
• Email deliverability consulting — run bulk audits for clients, generate scores, and sell remediation plans.
• Brand protection — find domains in your portfolio that lack DMARC or have weak policies (p=none).
• Compliance & security — SPF/DKIM/DMARC are now table stakes for Google/Yahoo bulk sender requirements (2024+).
• M&A due diligence — assess the email security posture of an acquisition target's domain portfolio.
• Domain broker / portfolio management — scan parked and managed domains for email readiness.

📦 What you get

Each row in the dataset is one domain's full deliverability report:

Field	Description
domain	The checked domain
deliverabilityScore	Overall score from 0 to 100
grade	Letter grade: A+, A, B, C, D, F
hasMx	true/false — MX records exist
mxRecords	Comma-separated MX entries (e.g. 10 aspmx.l.google.com, 20 alt1.aspmx.l.google.com)
mxCount	Number of MX records
hasSpf	true/false — valid SPF record exists
spfRaw	Raw SPF TXT value
spfPolicy	Enforcement policy: hardfail (-all), softfail (~all), neutral (?all), fail (+all)
spfIncludes	Comma-separated list of SPF include: domains
spfLookupCount	Number of DNS lookups the SPF record triggers
hasDmarc	true/false — DMARC record at _dmarc.<domain>
dmarcRaw	Raw DMARC TXT value
dmarcPolicy	DMARC policy: none, quarantine, reject
dmarcPct	Percentage of mail subjected to the policy
dmarcRua	Aggregate report URI
dmarcRuf	Forensic report URI
dmarcSubdomainPolicy	Subdomain policy (sp tag)
hasDkim	true/false — at least one DKIM selector found
dkimSelectorsFound	Comma-separated list of selectors with valid DKIM records
dkimSelectorsChecked	All 31 selectors that were probed
hasBimi	true/false — BIMI record at default._bimi.<domain>
bimiRaw	Raw BIMI TXT value
bimiSvgUrl	BIMI logo SVG URL if found
passCount	Number of protocols with a passing config (0–5)
totalChecks	Always 5
issues	Semicolon-separated list of problems found
resolver	Which DNS resolver answered (cloudflare or google)
checkedAt	ISO 8601 timestamp

Example output

[
  {
    "domain": "stripe.com",
    "deliverabilityScore": "95",
    "grade": "A+",
    "hasMx": "true",
    "mxRecords": "10 aspmx.l.google.com, 20 alt1.aspmx.l.google.com, 30 alt2.aspmx.l.google.com",
    "mxCount": "3",
    "hasSpf": "true",
    "spfRaw": "v=spf1 include:_spf.google.com include:_spf.stripe.com -all",
    "spfPolicy": "hardfail (-all)",
    "spfIncludes": "_spf.google.com, _spf.stripe.com",
    "spfLookupCount": "2",
    "hasDmarc": "true",
    "dmarcRaw": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@stripe.com",
    "dmarcPolicy": "reject",
    "dmarcPct": "100",
    "dmarcRua": "mailto:dmarc@stripe.com",
    "hasDkim": "true",
    "dkimSelectorsFound": "google, mailgun",
    "hasBimi": "true",
    "bimiSvgUrl": "https://bimi.stripe.com/logo.svg",
    "passCount": "5",
    "totalChecks": "5",
    "issues": null,
    "resolver": "cloudflare",
    "checkedAt": "2026-06-24T12:00:00.000Z"
  }
]

🚀 How to use it

1. Click Try for free / Start.
2. Paste your list of domains into Domains — one per line (example.com or https://example.com, both work).
3. (Optional) Adjust Max Concurrency for large lists and keep Proxy enabled.
4. Click Save & Start, then export the dataset as JSON, CSV, Excel or via API.

⚙️ Input

Field	Type	Description	Default
domains	array (required)	Domains to check email deliverability for. Schemes and paths stripped automatically.	–
maxConcurrency	integer	Parallel DNS queries. Higher is faster but may hit rate limits.	10 (max 100)
proxyConfiguration	object	Proxy used for DNS-over-HTTPS requests.	Apify Proxy (datacenter)

Example input

{
  "domains": ["stripe.com", "github.com", "mailchimp.com", "shopify.com"],
  "maxConcurrency": 10,
  "proxyConfiguration": { "useApifyProxy": true }
}

🔍 How it works

For each domain, the actor runs a series of DNS-over-HTTPS queries against Cloudflare (cloudflare-dns.com) with an automatic Google (dns.google) fallback:

1. MX — queries type MX, parses priority + hostname.
2. SPF — queries type TXT, finds the record starting v=spf1, parses policy and includes.
3. DMARC — queries type TXT at _dmarc.<domain>, parses all DMARC tags.
4. DKIM — queries type TXT at <selector>._domainkey.<domain> for 31 common selectors (google, sendgrid, mailgun, microsoft, docusign, etc.).
5. BIMI — queries type TXT at default._bimi.<domain>, extracts SVG URL.

Each protocol contributes to the deliverability score: MX=25, SPF=25 (hardfail policy gets full points), DMARC=25 (reject policy gets full points), DKIM=15, BIMI=8. Bonus: +2 if ≥2 MX records (redundancy).

🧰 Tips & best practices

• Run on your own domain first to see what a "good" score looks like — then benchmark prospects and vendors.
• Filter by deliverabilityScore ascending to prioritize domains with the worst email infrastructure.
• Filter by dmarcPolicy: "none" to find domains vulnerable to exact-domain spoofing.
• Check spfLookupCount — values > 10 violate the SPF RFC and may cause authentication failures.
• The DKIM selector list is comprehensive but not exhaustive; custom selectors won't be found unless they match common names.
• Export to CSV and share the report with non-technical stakeholders as an email security scorecard.

❓ FAQ

How do I check email deliverability for many domains?

Paste your full domain list and run the actor. It checks MX, SPF, DKIM, DMARC and BIMI for every domain via DNS-over-HTTPS and returns one row per domain with a score.

What's the difference between this and a regular DNS lookup?

This actor goes beyond raw DNS — it parses SPF policies, finds DKIM selectors by probing common names, parses DMARC tags, checks BIMI, calculates a deliverability score, and flags specific issues in human-readable form.

Does it check email addresses or mailboxes?

No — this is a domain-level email deliverability audit. It checks the DNS configuration that determines whether email from (or to) a domain will be delivered, not individual mailbox validity. For email address verification, see our Bulk Email Verifier.

Which DKIM selectors are probed?

31 common selectors: google, default, dkim, selector1, selector2, mail, s1, s2, k1, k2, key1, key2, amazonses, sendgrid, mailgun, mandrill, sparkpost, postmark, mimecast, proofpoint, docusign, zendesk, hubspot, salesforce, pm, protonmail, protonmail2, protonmail3, ms365, microsoft, outlook.

Can I export deliverability reports to CSV?

Yes — each domain is one row with columns for every protocol, score, grade and parsed policies. Download as CSV, JSON or Excel, or pull through the REST API.

🔗 Related actors by the same author

• Bulk DNS Records Lookup — raw DNS record resolver (A, AAAA, MX, TXT, NS, CNAME, SOA, CAA) via DNS-over-HTTPS.
• Bulk Email Verifier — validate individual email addresses (syntax, SMTP, catch-all detection).
• Bulk SSL Certificate Checker — SSL/TLS certificate inspection for domains.
• Bulk WHOIS / RDAP Lookup — domain registration, registrar and expiry data.

📝 Changelog

2026-06-24

• Initial release — 5-protocol email deliverability audit (MX, SPF, DKIM, DMARC, BIMI), weighted scoring, 31 DKIM selectors probed, no API key, CSV/JSON export.