This report checks whether neverssl.com is set up so its email reaches the inbox instead of spam. It inspects the domain's SPF, DKIM, DMARC and MX records over public DNS — no mail is sent. neverssl.com currently scores 8/100 (grade F).
Publish a TXT record at _dmarc.neverssl.com to start in monitoring mode: v=DMARC1; p=none; rua=mailto:dmarc@neverssl.com
Publish a TXT record at the root of neverssl.com: v=spf1 include:_spf.your-provider.com ~all
Enable DKIM signing in your mail platform and publish the key it gives you. If you already use a custom selector, re-run with --selectors <name> to confirm.
Add an MX record pointing to your mail provider, e.g. neverssl.com. IN MX 10 mx.your-provider.com.
No MX records found. This domain cannot receive email, and many providers treat a missing MX as a strong spam signal.
Add an MX record pointing to your mail provider, e.g. neverssl.com. IN MX 10 mx.your-provider.com.
No SPF record found. Receivers cannot verify which servers are allowed to send as your domain — a top reason mail is marked as spam or spoofed.
Publish a TXT record at the root of neverssl.com: v=spf1 include:_spf.your-provider.com ~all
No DMARC record found. Without DMARC, receivers have no instruction on what to do with mail that fails SPF/DKIM, and you get zero visibility into who is spoofing you. From 2024, Google and Yahoo require DMARC for bulk senders.
Publish a TXT record at _dmarc.neverssl.com to start in monitoring mode: v=DMARC1; p=none; rua=mailto:dmarc@neverssl.com
No DKIM key found on any common selector. Your mail may still be signed with a custom selector we could not guess — but if it is not, receivers cannot cryptographically verify your messages.
Enable DKIM signing in your mail platform and publish the key it gives you. If you already use a custom selector, re-run with --selectors <name> to confirm.
No MTA-STS, TLS-RPT or BIMI found. These are optional but boost security and, for BIMI, show your logo in the inbox.
Consider MTA-STS (enforce TLS), TLS-RPT (TLS failure reports), and BIMI (brand logo in Gmail/Apple Mail) once SPF/DKIM/DMARC are solid.