Corbelworks · Deliverability Tool

Cold Email Deliverability Preflight

Before you send outbound, check the two things that decide whether it lands: authentication (SPF, DKIM, DMARC) and the message itself. Paste your DNS records and your draft — every check runs locally in your browser.

No lookups leave your device. This tool can’t query DNS for you (that would need a server), so you paste the records — the commands to fetch them are shown below each box.

1 · Authentication records

Paste the actual DNS TXT records for your sending domain. Leave a box blank to skip it.

dig +short TXT yourdomain.com
dig +short TXT google._domainkey.yourdomain.com # selector varies by provider
dig +short TXT _dmarc.yourdomain.com

2 · Message copy

Paste the plain text of your email, including any merge tags like {{first_name}}.
What each check means & sources

Why authentication comes first

Mailbox providers authenticate the sender before they ever weigh the content. Since February 2024, Google and Yahoo require bulk senders to publish SPF and DKIM, have a DMARC policy on the sending domain, keep spam complaints under 0.3%, and offer one-click unsubscribe. Missing auth doesn’t just hurt your score — it can get mail rejected outright.

SPF — Sender Policy Framework

  • Must be a single TXT record beginning v=spf1. Publishing two SPF records is a permerror — providers may fail it.
  • The final all mechanism sets the default: -all (hardfail) is strongest, ~all (softfail) is the common safe choice, ?all (neutral) barely protects you, and +all authorizes the whole internet — never use it.
  • SPF is limited to 10 DNS-lookup mechanisms (include, a, mx, ptr, exists, redirect). Exceed it and evaluation returns permerror. This tool counts the lookups visible in what you paste; nested includes add more that only a live resolver sees, so treat a high count as a warning. ptr is deprecated — avoid it.
  • Reference: RFC 7208 (SPF), §5.1 (all), §4.6.4 (the 10-lookup limit).

DKIM — DomainKeys Identified Mail

  • Record should contain v=DKIM1 and a public key in p=. An empty p= means the key has been revoked.
  • Use RSA keys of at least 1024 bits; 2048 is the current recommendation. This tool estimates key size from the length of the base64 p= value (roughly 216 base64 chars ≈ 1024-bit, ~392 ≈ 2048-bit).
  • Reference: RFC 6376 (DKIM), §3.6.1 (record tags), and RFC 8301 / M3AAWG guidance recommending ≥1024-bit (2048 preferred) keys.

DMARC — alignment & policy

  • Must start with v=DMARC1 and set a policy p=. p=none only monitors (no enforcement); p=quarantine and p=reject actually protect your domain and satisfy stricter inbox rules.
  • pct= below 100 applies the policy to only part of your mail. rua= turns on aggregate reports so you can see what’s failing. adkim/aspf control alignment strictness (s = strict, r = relaxed). sp= sets the subdomain policy.
  • Reference: RFC 7489 (DMARC).

Copy linting — and its limits

  • Modern filters (Gmail, Outlook) lean far more on sender reputation and engagement than on keyword blocklists. Treat copy flags as hygiene, not a verdict — a clean sender can say “free” and land fine, while a bad-reputation sender is filtered regardless of wording.
  • Length: for cold 1:1 outreach, short wins. Roughly 50–125 words tends to read as a real personal note and gets replies; long templated pitches skim as bulk. This is an engagement/reply heuristic, not a spam-filter rule.
  • Broken merge tags: an unfilled {{first_name}} or [[company]] going out live is the fastest way to get marked as spam by a human — the tool flags leftover placeholders.
  • Links: many links, URL shorteners, and raw IP links raise risk; keep it to one or two relevant links.
  • Trigger words / shouting / punctuation: stacked money words, ALL CAPS, and !!! correlate with promotional bulk mail. The word list here is a well-known, non-exhaustive sample.
  • Opt-out: the US CAN-SPAM Act requires commercial email to include a clear opt-out and a valid physical postal address; many senders add a simple one-line opt-out to cold B2B mail as well. Reference: 15 U.S.C. §7704 (CAN-SPAM); FTC CAN-SPAM compliance guide.

Scope & honesty

This is a static preflight, not a live mail test. It cannot see your domain reputation, IP warmup, bounce rate, or how a specific provider will actually score you. After it passes, send low volume to a seed inbox and confirm inbox placement before scaling. Nothing you paste is transmitted or stored.