What validation tools do you use?

Hi all,

We often recommend checking that boxes are set up correctly using live validation tools that have been developed by other people. What tools do you use? Here are some:

I’ve updated this post to include all of the tools mentioned in the comments below as of July 2020.

Server Status/Uptime

https://pingability.com/zoneinfo.jsp
http://ipv6-test.com/validate.php IPv6 test

Outgoing Mail (i.e. Will your emails be received?)

https://www.mail-tester.com (checks SPF, DKIM, DMARC, blacklists, etc.)
http://mxtoolbox.com
https://dnsbl.info
https://dkimvalidator.com (DKIM, SPF validator)
https://talosintelligence.com/reputation_center/lookup IP reputation ckeck
http://isnotspam.com

Other DNS record checks

https://stopemailfraud.proofpoint.com/spf/ SPF Check
http://www.protodave.com/tools/dkim-key-checker/ DKIM Key Check
https://dmarcian.com/dmarc-inspector/ DMARC Inspector
http://dkimcore.org/tools/

TLS

Check that your TLS certificates and settings are secure:

https://www.ssllabs.com/ssltest/analyze.html
https://www.whynopadlock.com
https://www.htbridge.com/ssl
https://sslmate.com/caa and https://caatest.co.uk (CAA record helpers)

DNS

https://www.whatsmydns.net
https://dnschecker.org DNS Propagation Checker
https://dnsviz.net

DNSSEC & DANE

If you have DNSSEC enabled, check that senders will be able to validate your DNS entries:

https://dnssec-analyzer.verisignlabs.com
http://viewdns.info/dnssec/
https://www.huque.com/bin/danecheck-smtp
https://dane.sys4.de/

Web

https://www.htbridge.com/websec
https://tools.geekflare.com/tools/http-header-test

Professional Tools

4 Likes

Hi Josh - thanks for all your work!

I use:
https://dnssec-analyzer.verisignlabs.com/
https://dkimvalidator.com/
https://www.ssllabs.com/ssltest/
https://www.whatsmydns.net/
https://pingability.com/zoneinfo.jsp

Peculiar as with the tools I use, DNSSEC checks come out ok, but with your tools it tells me everything is insecure and that my domains aren’t in a zone!?

I also get regular errors with DKIM

1 Like

I’ll periodically do credentialed scans on the box with Nessus.

Here my collection:

Validation Tools:

FREE WEB Services:

Hope this helps.

3 Likes

I once was rejected by AT&T for being on a blacklist that the more popular blacklist providers did not have me listed on.

I discovered it was a blacklist that blocks IP addresses that have never before been used for sending mail, though now I’ve forgotten which one it was (it was very easy to get off of).

The way I found it was with this site:

https://dnsbl.info

Very helpful, all.

Maybe someone can making a nice list with some descriptions of each service and prioritize the ones that are most helpful. We can add it to our setup guide / website.

Very good for DNSSEC: https://dnsviz.net/

This topic was automatically closed after 61 days. New replies are no longer allowed.