Free Domain Validator — Check Domain Authenticity in Seconds
Live MX, SPF, DMARC, and NS record lookups against authoritative nameservers. Catch deliverability issues before you launch a campaign.
TL;DR
Paste any domain (e.g. example.com) and we'll run live DNS checks for MX (mail servers), NS (nameservers), SPF (sender authentication), and DMARC (anti-spoofing policy). Results in under 2 seconds, with a 0-100 deliverability score and actionable notes. 25 free checks per day per IP. No signup. We do not check DKIM (requires per-selector lookup) or domain blacklists (requires a paid API).
25 of 25 free checks remaining today
Why domain validation matters
A domain's DNS configuration tells you almost everything you need to know about its email legitimacy. MX records reveal where mail is delivered, SPF and DMARC define how the domain protects itself against spoofing, and NS records confirm the domain is actively managed. A B2B prospect domain missing all four of these is either inactive, internal-only, or a high-risk target for any outbound campaign.
Starting in 2024, Gmail and Microsoft began rejecting outbound mail from any sender domain without valid SPF and DMARC records. Validating your own sending domains is now table stakes — and validating prospect domains before a campaign is the cheapest insurance against bounce spikes and sender reputation damage. For deeper reading, see our domain verification glossary entry or email deliverability primer.
How it works
- 1
Domain syntax check
We validate the input against DNS naming rules — labels, length limits, and a valid TLD.
- 2
NS lookup
We resolve the domain's nameservers to confirm it's actively managed.
- 3
MX lookup
We query the authoritative nameservers for mail exchange records and return them sorted by priority.
- 4
SPF + DMARC TXT lookup
We fetch TXT records at the domain root and at _dmarc.<domain> to read sender authentication and anti-spoofing policy.
Not checked: DKIM (requires a per-selector lookup we can't guess), WHOIS / registrar metadata (would require an external API), and domain blacklist reputation (requires a paid API). We'd rather skip a check than fake it.
“Most outbound campaigns fail at the DNS layer before a single email is even sent. If your prospect's domain has no SPF and no DMARC, your reply rate will be cut in half by spam filters. We built this validator so any GTM team can spot-check a domain in 2 seconds — no API, no signup, no excuses.”
Frequently Asked Questions
What does the domain validator check?
+
Five live DNS checks: (1) MX records (which mail servers handle the domain's email), (2) NS records (whether the domain has authoritative nameservers), (3) SPF (TXT record starting with v=spf1, used for sender authentication), (4) DMARC (TXT record at _dmarc.<domain> defining the anti-spoofing policy), and (5) the domain's overall syntax. We do not check DKIM (it requires a per-selector lookup) or domain blacklists (they require a paid API).
Is this the same as a WHOIS lookup?
+
No. WHOIS shows registrar metadata and ownership history. This tool inspects the live DNS configuration that determines email deliverability and basic legitimacy. For most B2B sales and marketing use cases, the DNS picture matters more than registrar metadata.
Why do SPF and DMARC matter for B2B teams?
+
If a prospect's domain has no SPF or DMARC, mail you send to them is more likely to land in their spam folder, and any reply you receive may be spoofed. If your own domain has no SPF / DMARC, Gmail and Microsoft will start rejecting your outbound mail entirely starting in 2024. Validating these records before launching a campaign is now table stakes.
How accurate is this tool?
+
DNS responses are deterministic — if the records exist on the authoritative nameservers, we'll find them. The tool's interpretation is also conservative: a missing SPF or DMARC is flagged as a warning, not an error, because some domains (like internal-only ones) legitimately don't need them.
Is there a usage limit?
+
Yes — 25 free domain checks per IP per day. After that the tool prompts you to sign up for a Cleanlist account, which includes 30 free credits and bulk domain validation through the API.
Can this detect malicious or phishing domains?
+
Indirectly. A brand-new domain with no DMARC, no SPF, and only a single MX record on a free hosting provider is a strong phishing signal. We surface those signals — but for definitive threat intelligence you need a dedicated reputation API. Use this tool as a fast triage layer.
Validate domains at scale
Cleanlist's API runs MX, SPF, DMARC, and NS checks across thousands of domains in minutes — plus contact enrichment from 15+ providers. Free tier includes 30 credits.
No credit card required