Email & Deliverability Monitoring
Stop email problems before they stop your business.
Email deliverability depends on a stack of DNS records, SMTP configuration, and sender reputation — any of which can silently break without notice. NetTests continuously monitors your SPF, DKIM, DMARC, MX records, and blacklist status so you catch authentication failures and deliverability issues before your messages start disappearing.
Why email deliverability breaks silently
Unlike a website outage, which is immediately visible, email deliverability problems are often invisible until significant damage has occurred. When a DMARC policy is tightened, SPF record breaks after a server change, or a sending IP lands on a major blacklist, messages don't bounce with clear error messages — they silently disappear into recipient spam folders or are rejected without notification.
The problem is compounded by the complexity of modern email authentication. A correct email setup requires a valid SPF record that accurately reflects all sending sources, a working DKIM key that matches the selector published in DNS, and a DMARC policy that aligns both. Change any piece of this stack — add a new email service provider, migrate servers, or update your DNS — and the other pieces may break without anyone noticing.
Blacklist placement is another silent killer. A single compromised account, a spam complaint spike, or a new IP address that inherited a poor reputation can land your sending IPs on blocklists used by major ISPs. Once you're listed, delivery to major email providers drops immediately — but the listing itself may not be discovered for days or weeks.
What NetTests email monitoring checks
NetTests performs scheduled checks of every DNS record involved in email authentication and delivery. For each configured domain, it queries MX records to verify mail server assignments, SPF records to validate sending policy coverage, DKIM selectors to confirm public keys are correctly published, and DMARC records to ensure policy is in place and aligned.
Blacklist monitoring runs your sending IPs and domains against an extensive list of major blocklists — including Spamhaus, SORBS, Barracuda, and dozens of others. Any new listing triggers an immediate alert, giving you the earliest possible window to investigate the cause and begin the delisting process.
SMTP probing verifies that your mail servers are accepting connections on the correct ports, presenting valid certificates for STARTTLS, and responding to EHLO with expected capabilities. Together, these checks give you a complete picture of your email infrastructure's health — not just the DNS layer.
Key features
SPF record monitoring
Verify your SPF record is valid, covers all sending sources, and hasn't been accidentally modified.
DKIM selector monitoring
Confirm DKIM public keys are correctly published in DNS and match the selectors your sending platform uses.
DMARC policy monitoring
Track your DMARC policy configuration and alert when it changes or is removed entirely.
MX record monitoring
Verify MX records are correct and that the referenced mail servers are reachable and accepting connections.
Blacklist monitoring
Check your sending IPs and domains against 50+ major blocklists and alert immediately on new listings.
SMTP connectivity checks
Verify that your mail servers accept SMTP connections, support STARTTLS, and present valid certificates.
Multi-domain management
Monitor email configuration for every domain you manage — especially useful for agencies and MSPs.
Change detection
Alert when any authentication record is modified, a selector is removed, or a new record appears unexpectedly.
Free email diagnostic tools
Run a complete email health check now and automate it with monitoring.
One-click domain scorecard covering blacklist status, mail server health, and DNS authentication records.
Consolidated MX, SPF, DMARC, and DKIM-selector lookup for a domain.
Check a domain's MX IPs against 49 IP blacklists and 9 domain blacklists.
Connect to an SMTP server, capture its banner and EHLO capabilities, and test STARTTLS.
Frequently asked questions
What is SPF and why does it need to be monitored?
Sender Policy Framework (SPF) is a DNS record that specifies which mail servers are authorized to send email on behalf of your domain. Receiving mail servers check SPF to verify that incoming messages are coming from authorized sources. An SPF record that doesn't include a new sending service — such as a marketing platform or transactional email provider — will cause messages from that service to fail SPF authentication, increasing the likelihood of being marked as spam or rejected.
What is DKIM and how does monitoring help?
DomainKeys Identified Mail (DKIM) uses cryptographic signatures to verify that email messages were authorized by the domain owner and haven't been tampered with in transit. The public key used to verify signatures is published as a TXT record in DNS under a selector subdomain. If a DKIM key is rotated on the sending platform but the DNS record isn't updated, or if the DNS record is accidentally deleted, DKIM signatures will fail and email delivery will be impacted.
What is DMARC and what policy should I use?
Domain-based Message Authentication, Reporting, and Conformance (DMARC) builds on SPF and DKIM to define what receiving mail servers should do with messages that fail authentication — report them, quarantine them, or reject them outright. The recommended progression is to start with a monitoring policy (p=none) to collect data, move to quarantine, and eventually enforce rejection (p=reject) once you are confident all legitimate sending sources are correctly authenticated.
How do I get removed from an email blacklist?
Each blacklist has its own delisting process. Most reputable blocklists offer a lookup tool and a self-service delisting form. Before requesting removal, you must resolve the underlying issue — whether it was a compromised account sending spam, a spam trap hit, or a complaint rate spike. Without resolving the root cause, you risk being relisted shortly after delisting. NetTests' blacklist monitoring alerts you to new listings immediately, giving you the maximum time to investigate and remediate.
What ports should my mail server accept connections on?
Standard mail server ports are: 25 (SMTP relay between servers — should support STARTTLS), 587 (submission port for authenticated clients — should require STARTTLS), and 465 (SMTPS — legacy SSL-only submission port). Port 25 is commonly blocked by ISPs to prevent spam from residential IP addresses. Port 993 (IMAPS) and 995 (POP3S) are used for encrypted mail retrieval.
Monitor email before your messages stop delivering
NetTests checks your SPF, DKIM, DMARC, MX records, and blacklist status on a schedule so deliverability problems surface immediately — not after days of silently lost messages.
Start monitoring free →