What validation tools do you use?

Hi all,

We often recommend checking that boxes are set up correctly using live validation tools that have been developed by other people. What tools do you use? Here are some:

Outgoing Mail

https://www.mail-tester.com/ (checks SPF, DKIM, DMARC, blacklists)

Web

Qualys SSL Server Test - https://www.ssllabs.com/ssltest/analyze.html (checks TLS settings)

Incoming Mail

If you have DNSSEC enabled:

Check a DANE SMTP Service - https://www.huque.com/bin/danecheck-smtp

DANE SMTP Validator - https://dane.sys4.de/

2 Likes

Hi Josh - thanks for all your work!

I use:
https://dnssec-analyzer.verisignlabs.com/
https://dkimvalidator.com/
https://www.ssllabs.com/ssltest/
https://www.whatsmydns.net/
https://pingability.com/zoneinfo.jsp

Peculiar as with the tools I use, DNSSEC checks come out ok, but with your tools it tells me everything is insecure and that my domains aren’t in a zone!?

I also get regular errors with DKIM

1 Like

I’ll periodically do credentialed scans on the box with Nessus.

Here my collection:

Validation Tools:

FREE WEB Services:

Hope this helps.

2 Likes

I once was rejected by AT&T for being on a blacklist that the more popular blacklist providers did not have me listed on.

I discovered it was a blacklist that blocks IP addresses that have never before been used for sending mail, though now I’ve forgotten which one it was (it was very easy to get off of).

The way I found it was with this site:

https://dnsbl.info

Very helpful, all.

Maybe someone can making a nice list with some descriptions of each service and prioritize the ones that are most helpful. We can add it to our setup guide / website.

Very good for DNSSEC: https://dnsviz.net/