What is an email health check?
An email health check is a comprehensive audit of an email domain's DNS configuration. It verifies that the domain has MX records (can receive email), a valid SPF record (authorises legitimate senders), a DMARC record (enforces authentication policy), a DKIM public key (enables cryptographic signing), and that the domain is not a known disposable provider. The results are scored and graded A–F to give a quick overall assessment.
What does each check score?
MX records are worth 20 points (domain must be able to receive mail). SPF is worth 25 points — full points for -all enforcement, partial for ~all, minimal for +all. DMARC is worth 25 points — full for p=reject, slightly less for p=quarantine, partial for p=none. DKIM is worth 20 points if a valid public key is found at the selector provided. Disposable status is worth 10 points. The total out of 100 determines the grade.
What is a DKIM selector and where do I find it?
A DKIM selector is a label you choose when setting up DKIM signing — it forms part of the DNS record name (selector._domainkey.yourdomain.com). Common selectors are 'google', 'default', 'k1', 'mail', 'smtp', or a date string. You can find the selector your domain uses in the DKIM-Signature header of any email you've sent, in the 's=' field. It's also in your email provider's DNS setup documentation.
Why is my score not 100 even though my domain has SPF and DMARC?
The most common reasons: SPF uses ~all instead of -all (scoring 18/25 instead of 25/25), DMARC uses p=none instead of p=quarantine or p=reject (scoring 10/25 instead of 25/25), or no DKIM selector was entered so the DKIM check scores 0/20. Entering your DKIM selector and strengthening SPF and DMARC to their strictest settings will bring most domains to Grade A.
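The rubric above, applied to DNS answers that have already been fetched. This is an added example, not the tool's own code. The field names (mx, txt, dmarcTxt, dkimTxt, disposable) are hypothetical, and the point values for +all, ?all and p=quarantine, and the zero score for a record with no "all" term, are assumptions, since the page only gives the other values.

```javascript
// Added example: scores already-fetched DNS data with the page's rubric.
// Values marked ASSUMED are not stated on the page.
const SPF_POINTS = { "-": 25, "~": 18, "?": 5, "+": 5 };       // "?" and "+" ASSUMED
const DMARC_POINTS = { reject: 25, quarantine: 20, none: 10 }; // quarantine ASSUMED

// Qualifier of the SPF "all" mechanism, or null when no single usable record exists.
function spfAllQualifier(txtRecords) {
  const spf = txtRecords.filter((r) => /^v=spf1(\s|$)/i.test(r.trim()));
  if (spf.length !== 1) return null; // none, or several (a permerror for receivers)
  for (const term of spf[0].trim().split(/\s+/).slice(1)) {
    const m = /^([+\-~?]?)all$/i.exec(term);
    if (m) return m[1] || "+"; // a bare "all" means "+all"
  }
  return null; // no "all" term; scored 0 here (ASSUMED), redirect= is not followed
}

// Value of the DMARC p= tag, or null when the record or policy is missing or invalid.
function dmarcPolicy(txtRecords) {
  const rec = txtRecords.filter((r) => /^v=DMARC1\s*(;|$)/i.test(r.trim()));
  if (rec.length !== 1) return null;
  for (const tag of rec[0].split(";")) {
    const [k, v] = tag.split("=").map((s) => s.trim().toLowerCase());
    if (k === "p") return Object.prototype.hasOwnProperty.call(DMARC_POINTS, v) ? v : null;
  }
  return null;
}

// True when the selector record carries a non-empty p= value (an empty p= is a revoked key).
function dkimHasKey(txtRecords) {
  return txtRecords.some((r) => /(^|;)\s*p=\s*[A-Za-z0-9+/]+/.test(r));
}

// Per-check points and total out of 100.
function scoreDomain(d) {
  const q = spfAllQualifier(d.txt), p = dmarcPolicy(d.dmarcTxt);
  const parts = {
    mx: d.mx.length > 0 ? 20 : 0,
    spf: q ? SPF_POINTS[q] : 0,
    dmarc: p ? DMARC_POINTS[p] : 0,
    dkim: dkimHasKey(d.dkimTxt) ? 20 : 0, // empty list when no selector was entered
    disposable: d.disposable ? 0 : 10,
  };
  return { parts, total: Object.values(parts).reduce((a, b) => a + b, 0) };
}

// Constructed sample: ~all, p=none and no DKIM selector entered.
const sample = { mx: ["10 mx.example.net."], txt: ["v=spf1 include:_spf.example.net ~all"],
  dmarcTxt: ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"], dkimTxt: [], disposable: false };
console.log(scoreDomain(sample)); // total 58: 20 + 18 + 10 + 0 + 10
```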
What does SPF -all vs ~all mean?
The 'all' mechanism at the end of an SPF record determines what happens to mail from unauthorised senders. -all (hard fail) instructs receiving servers to reject unauthorised mail outright. ~all (soft fail) instructs them to accept but mark or flag it. +all (pass all) allows any server to send as your domain, which is dangerously permissive and should never be used. For the best deliverability and security, use -all.
What is DMARC p=none and why is it a problem?
p=none means the domain has published a DMARC record for monitoring purposes but has not enabled enforcement. Emails that fail SPF and DKIM checks are still delivered normally — the p=none policy just reports failures to the rua address without taking action. It provides visibility but no protection. Moving to p=quarantine (spam folder) or p=reject (block) is required for genuine protection against spoofing.
What should I do if the domain has no MX records?
Without MX records, the domain is technically incapable of receiving email: any message sent there will bounce with a permanent delivery failure. If you own the domain, add MX records through your DNS provider pointing to your mail server or hosted email service before using the domain for any email communication. If you're checking someone else's domain, any email address at that domain is effectively undeliverable.
What is a disposable email domain?
Disposable email providers offer temporary inboxes that are created on demand and expire automatically — often within minutes or hours. Services like Mailinator, Guerrilla Mail, and Temp Mail are examples. For organisations collecting email addresses (for newsletters, accounts, or campaigns), accepting disposable addresses leads to bounces, undeliverable mail, and inflated list metrics. This check uses multiple independent databases to detect known disposable providers.
Is this tool suitable for bulk email validation?
This tool is designed for manually spot-checking individual domains and addresses, and it is ideal for single address checks and pre-send verification. It performs live DNS lookups with no rate-limit handling for bulk use. For validating large email lists (thousands of addresses), a dedicated bulk email verification service that handles rate limiting, SMTP verification, and list processing at scale would be more appropriate and more efficient.
Does this tool store my queries?
No. All DNS queries are made directly from your browser to Google's and Cloudflare's DNS over HTTPS resolvers. The disposable domain check queries Kickbox's open API and a public GitHub-hosted domain list. No data is transmitted to or stored on best-tempmail.com servers. The domain you check and the results are not logged or retained.