What validation tools do you use?

JoshData · March 4, 2020, 11:48am

Hi all,

We often recommend checking that boxes are set up correctly using live validation tools that have been developed by other people. What tools do you use? Here are some:

I’ve updated this post to include all of the tools mentioned in the comments below as of July 2020.

TLS

Check that your TLS certificates and settings are secure:

https://www.ssllabs.com/ssltest/analyze.html
https://www.whynopadlock.com
https://www.htbridge.com/ssl
CAA Record Generator and https://caatest.co.uk (CAA record helpers)

DNS

https://dnschecker.org DNS Propagation Checker
https://dnsviz.net

DNSSEC & DANE

If you have DNSSEC enabled, check that senders will be able to validate your DNS entries:

https://dnssec-analyzer.verisignlabs.com
http://viewdns.info/dnssec/
https://www.huque.com/bin/danecheck-smtp
https://dane.sys4.de/

Web

https://www.htbridge.com/websec
https://tools.geekflare.com/tools/http-header-test

Professional Tools

https://www.tenable.com/products/nessus/nessus-professional

never · March 4, 2020, 4:58pm

Hi Josh - thanks for all your work!

I use:
https://dnssec-analyzer.verisignlabs.com/
https://dkimvalidator.com/
https://www.ssllabs.com/ssltest/
https://www.whatsmydns.net/
https://pingability.com/zoneinfo.jsp

Peculiar as with the tools I use, DNSSEC checks come out ok, but with your tools it tells me everything is insecure and that my domains aren’t in a zone!?

I also get regular errors with DKIM

Greg · March 5, 2020, 12:16am

I’ll periodically do credentialed scans on the box with Nessus.

just4t · March 5, 2020, 10:49am

Here my collection:

Validation Tools:

FREE WEB Services:

Hope this helps.

openletter · March 5, 2020, 2:47pm

I once was rejected by AT&T for being on a blacklist that the more popular blacklist providers did not have me listed on.

I discovered it was a blacklist that blocks IP addresses that have never before been used for sending mail, though now I’ve forgotten which one it was (it was very easy to get off of).

The way I found it was with this site:

https://dnsbl.info

JoshData · March 9, 2020, 12:34pm

Very helpful, all.

Maybe someone can making a nice list with some descriptions of each service and prioritize the ones that are most helpful. We can add it to our setup guide / website.

roddy · March 11, 2020, 8:18am

Very good for DNSSEC: https://dnsviz.net/

JoshData · May 4, 2020, 11:48am

This topic was automatically closed after 61 days. New replies are no longer allowed.

just4t · March 18, 2021, 9:01pm

● IP Blacklist Check

openletter · September 26, 2021, 12:42pm

I find GWhois.org useful for certain DNS and WHOIS checks. The site does not cache any records, so every lookup is resolved from root servers. It was created before RFC 8482 was published and I don’t think the developer is going to rewrite the code (which is on GitHub) to work around this limitation.

Most of the popular DNS providers do not answer to ANY requests, but MiaB does, and this is where it is a very useful tool to quickly view most of the records of concern when troubleshooting, and since everything is resolved there is no need to wait for records to “propagate”.

When I don’t have access to command line or want a quick second opinion from a different IP address, I use DNSQueries because it has almost every lookup I’ve ever needed built into a PHP interface.

S4_Hosting · September 27, 2021, 6:28am

internet.nl is another nice tool for checking both web servers and mail servers are meeting modern standards, IPv6, secure TLS, DANE, etc.

KiekerJan · September 27, 2021, 7:32pm

I like Zonemaster for ipv4 and ipv6 dns server checking.

topcoder · October 3, 2024, 12:12am

Here’s a new one that I wrote Mail Tester: Free Email Spam Checker - Email Deliverability Tester. It also checks for Can Spam Compliance.

What validation tools do you use?

Server Status/Uptime

Outgoing Mail (i.e. Will your emails be received?)

Other DNS record checks

TLS

DNS

DNSSEC & DANE

Web

Professional Tools