Email deliverability

Diagnose why a domain's email lands in spam: SPF posture, DMARC policy, DKIM key strength, MX targets, and a composite 0–100 score.

When to use this pack

Marketing or transactional email is landing in spam, or you're rolling out a new sending domain and want to verify the auth posture before the first campaign.

Tools in this pack

• SPF check $0.003 POST /api/spf-check Fetch and validate a domain's SPF record (RFC 7208). Parses mechanisms (ip4/ip6/include/a/mx/all), counts DNS lookups against the famous 10-lookup limit, and flags the qualifier on `all` (-/fail, ~/softfail, ?/neutral). The first stop when an email is hitting the spam folder.
• DMARC check $0.003 POST /api/dmarc-check Fetch and validate a domain's DMARC policy at _dmarc.<domain> (RFC 7489). Surfaces the enforcement policy (none/quarantine/reject), reporting addresses, alignment modes, and common misconfigs (no rua, p=none stuck for months, percent <100). Pair with SPF and DKIM for full Feb-2024 sender-rule compliance.
• DKIM key lookup $0.003 POST /api/dkim-lookup Fetch and parse a DKIM public-key record at <selector>._domainkey.<domain> (RFC 6376). Returns the parsed key params (algorithm, length, flags) so you can verify rotation status or key strength. Caller must know the selector — use email-deliverability if you don't.
• Email deliverability check $0.005 POST /api/email-deliverability End-to-end email-auth report for a domain: SPF + DMARC + DKIM (probes common selectors automatically) + MX records + score 0–100. The one call to make when 'why is our mail going to spam?' lands in your inbox.
• Email validate $0.002 POST /api/email-validate Validate an email address: syntax check plus live MX record lookup on the domain (deliverability signal, not a guarantee).
• DNS lookup $0.002 POST /api/dns-lookup Resolve any DNS record type for a host: A, AAAA, MX, TXT, CNAME, NS, SOA, CAA, SRV, PTR. Returns the records plus a count. Built on Node's native resolver — no external API.

Workflow

1. Parse the SPF record — the tool flags the most common failures (>10 DNS lookups, +all permissive directive, syntax errors).
2. Parse the DMARC policy — p=none means receivers ignore SPF/DKIM failures, which usually explains a 'we set it all up but it still goes to spam' problem.
3. Probe 14 common DKIM selectors and warn on <1024-bit keys and testing-mode (t=y) records. Most sending platforms publish under a predictable selector this catches.
4. Run the composite deliverability score (25 points each for SPF + DMARC + DKIM + MX) for a single integer to report back to the team.
5. Validate a single recipient address with email-validate to confirm the MX is actually reachable.
6. Spot-check the MX records with dns-lookup type=MX to verify the chain matches the sending platform's documented setup.

Run it in Claude

claude mcp add agent402 -s user -- npx -y agent402-mcp@latest

Then paste this prompt into Claude:

Diagnose email deliverability for sender@example.com. Use Agent402 to check SPF, DMARC, DKIM (probe common selectors), and the composite email-deliverability score. If the score is below 75, explain which auth records are missing or weak and how to fix each one.

← All skill packs