Marketing|Email Marketing / DevOps

Email Deliverability Monitoring

Improve inbox placement with proactive email authentication monitoring

High bounce rates and emails landing in spam hurt your sender reputation and campaign effectiveness. EdgeDNS helps you validate email authentication before issues arise.

The Challenge

Email marketers often discover SPF, DKIM, or DMARC issues only after campaigns fail. Misconfigured email authentication leads to poor deliverability, damaged sender reputation, and lost revenue.

The Solution

Use EdgeDNS to proactively monitor email authentication across all sending domains. Validate SPF records, discover DKIM selectors against ~30 common ESPs (Google Workspace, Microsoft 365, SendGrid, Mailchimp, Klaviyo, Postmark, Mailgun, Amazon SES, etc.) per [RFC 6376](https://datatracker.ietf.org/doc/rfc6376/), verify DMARC policies, run a real SMTP probe with EHLO + opportunistic TLS detection per [RFC 8314](https://datatracker.ietf.org/doc/rfc8314/), and get an overall email security score.

Endpoints Used

Combine these EdgeDNS endpoints to build this solution.

GET

/v1/security/spfTry in Playground

SPF Check: Validate SPF record syntax and DNS lookup count

GET

/v1/security/dkimTry in Playground

DKIM Check: Discover and validate DKIM keys across common selectors

GET

/v1/security/dmarcTry in Playground

DMARC Check: Verify DMARC policy and reporting configuration

GET

/v1/dns/txtTry in Playground

TXT Records: Probe ~30 common DKIM selectors in parallel (RFC 6376) and detect stale ACME challenge tokens (RFC 8555)

GET

/v1/score/emailTry in Playground

Email Score: Get an overall email security grade (A-F)

GET

/v1/dns/mxTry in Playground

MX Records: MX with sanity flags (RFC 5321 §5.1 CNAME violation, RFC 7505 Null MX, lame mail delegation), ASN + country per IP

GET

/v1/dns/mx-healthTry in Playground

MX Health: Live SMTP probe on Submission (587 with STARTTLS) and SMTPS (465) — verifies the MX accepts connections AND offers TLS per RFC 8314

Results You Can Achieve

Pre-flight authentication checks in seconds

Validate SPF, DKIM, and DMARC alignment before pressing send. The TXT endpoint probes ~30 common DKIM selectors in parallel — answering "is DKIM configured?" in one call without prior knowledge of the selector name. Typical campaign workflows go from hours of manual record review to a single API call per recipient domain.

Live SMTP probe verifies TLS posture

MX-Health opens a real TCP connection to the recipient mail server, sends EHLO, and verifies STARTTLS works. RFC 8314 (opportunistic TLS) is the modern bar for legitimate mail flow; an MX without STARTTLS is delivering mail in cleartext.

Continuous monitoring on a 30-minute cadence (Pro)

Scheduled re-scans surface SPF/DKIM/DMARC drift between sends. Free tier checks daily; Pro every 30 minutes.

Sender reputation tracked per domain over time

Per-domain authentication and DNS history shows when a record change correlated with a deliverability dip — without standing up a separate ESP integration.

Code Example

Check email authentication before sending

javascript

const response = await fetch(
  'https://api.edgedns.dev/v1/score/email?domain=example.com',
  { headers: { 'Authorization': 'Bearer YOUR_API_KEY' } }
);

const { data } = await response.json();

// Grade ranks: A=1, B=2, C=3, D=4, F=5
const gradeRank = { 'A': 1, 'B': 2, 'C': 3, 'D': 4, 'F': 5 };
const minAcceptableGrade = 'B';

if (gradeRank[data.grade] > gradeRank[minAcceptableGrade]) {
  console.warn('Email authentication needs attention:', data.recommendations);
}