Methodology – How InboxReady Checks SPF, DMARC & Headers
InboxReady runs read-only checks against your domain's DNS and public configuration. We do not modify DNS, send email on your behalf, or store your data beyond what's needed to show scan results and (if you sign up) to monitor your domain.
SPF checks
We look up the TXT record(s) for the domain you scan (or the subdomain you specify). We parse the SPF record for syntax, resolve include: mechanisms, and count DNS lookups. We flag permerror (e.g. over 10 lookups, invalid syntax) and temperror (transient DNS failure). We do not publish or change any TXT records.
DMARC checks
We look up the TXT record at _dmarc.<domain>. We validate syntax, policy (p=), subdomain policy (sp=), and report addresses (rua, ruf). We evaluate alignment against the domain you're scanning. We do not send DMARC reports or modify any records.
Headers and List-Unsubscribe
For header checks (e.g. List-Unsubscribe, List-Unsubscribe-Post), we use the raw headers you optionally paste from an email, or we do not infer headers from DNS. We do not send test emails or access your mailboxes. When we report on headers, it's from data you provide or from our scan of public DNS only.
Alignment with provider requirements
Our checks are aligned with what Gmail, Yahoo, and Microsoft use for sender authentication and bulk-sender requirements: SPF (and/or DKIM), DMARC with a defined policy, and List-Unsubscribe where applicable. We do not guarantee that passing our checks guarantees inbox placement; we surface the same signals these providers use so you can fix issues before they affect deliverability.
Read-only, no DNS changes
We never create, edit, or delete DNS records on your domain. We never send email from your domain or on your behalf. Scans and monitoring only read public DNS and (when you provide them) headers. You retain full control of your DNS and email configuration.