Free Domain Validator — Check Domain Authenticity in Seconds
Live MX, SPF, DMARC, and NS record lookups against authoritative nameservers. Catch deliverability issues before you launch a campaign.
TL;DR
Paste any domain (e.g. example.com) and we'll run live DNS checks for MX (mail servers), NS (nameservers), SPF (sender authentication), and DMARC (anti-spoofing policy). Results in under 2 seconds, with a 0-100 deliverability score and actionable notes. 25 free checks per day per IP. No signup. We do not check DKIM (requires per-selector lookup) or domain blacklists (requires a paid API).
25 of 25 free checks remaining today
Used by 1,500+ GTM teams
Who uses the free domain validator?
Teams across go-to-market rely on clean, authenticated domains. Here is where this tool fits.
Sales teams
Spot dead or risky prospect domains before reps waste a sequence on them.
Marketers
Confirm sending domains have SPF and DMARC before a campaign goes live.
Deliverability
Audit DNS records that decide whether mail lands in the inbox or spam.
Founders
Check your own domain is authenticated before emailing partners or investors.
RevOps
Keep prospect domain data accurate so routing and outreach hold up.
Agencies
Validate client and prospect domains before they ever touch a live campaign.
Why domain validation matters
A domain's DNS configuration tells you almost everything you need to know about its email legitimacy. MX records reveal where mail is delivered, SPF and DMARC define how the domain protects itself against spoofing, and NS records confirm the domain is actively managed. A B2B prospect domain missing all four of these is either inactive, internal-only, or a high-risk target for any outbound campaign.
Starting in 2024, Gmail and Microsoft began rejecting outbound mail from any sender domain without valid SPF and DMARC records. Validating your own sending domains is now table stakes — and validating prospect domains before a campaign is the cheapest insurance against bounce spikes and sender reputation damage. For deeper reading, see our domain verification glossary entry or email deliverability primer.
How it works
- 1
Domain syntax check
We validate the input against DNS naming rules — labels, length limits, and a valid TLD.
- 2
NS lookup
We resolve the domain's nameservers to confirm it's actively managed.
- 3
MX lookup
We query the authoritative nameservers for mail exchange records and return them sorted by priority.
- 4
SPF + DMARC TXT lookup
We fetch TXT records at the domain root and at _dmarc.<domain> to read sender authentication and anti-spoofing policy.
Not checked: DKIM (requires a per-selector lookup we can't guess), WHOIS / registrar metadata (would require an external API), and domain blacklist reputation (requires a paid API). We'd rather skip a check than fake it.
“Most outbound campaigns fail at the DNS layer before a single email is even sent. If your prospect's domain has no SPF and no DMARC, your reply rate will be cut in half by spam filters. We built this validator so any GTM team can spot-check a domain in 2 seconds — no API, no signup, no excuses.”
Validate domains in bulk
This checks one domain at a time. Cleanlist validates entire lists for mail-ready domains, with reputation and deliverability signals on every record across 15+ providers. Start with 30 free credits, no card required.
Free
Try Cleanlist with no credit card. Great for testing the platform.
Free forever
Starter
For founders and small teams getting started with outbound.
billed annually · +$15/extra seat
Everything in Free, plus:
Pro
For sales teams scaling outbound campaigns and pipeline.
billed annually · +$15/extra seat
Everything in Starter, plus:
Scale
For growth teams running heavy enrichment at scale.
billed annually · +$15/extra seat
Everything in Pro, plus:
Compare every plan
| Feature | Free | Starter | Pro | Scale |
|---|---|---|---|---|
Data Enrichment | ||||
| Enrichment | ||||
| AI Search | ||||
| Chrome Extension | ||||
| CSV Upload | ||||
| Credit Rollover | ||||
Prospecting | ||||
| Find People | ||||
| Sales Navigator | ||||
| Manual Entry | ||||
| Export CSV | ||||
| Leads per List | 100 | 2,500 | 2,500 | Unlimited |
| Seats included | 1 | 2 | 5 | 10 |
| Additional seats | — | $20/seat | $20/seat | $20/seat |
Automation & AI | ||||
| AI Agents (Basic) | ||||
| AI Agents (Advanced) | ||||
| Playbooks | ||||
Integrations | ||||
| CRM Import | ||||
| CRM Integrations | ||||
| API Access | ||||
| Custom Integrations | ||||
| SSO / SAML | ||||
Support & Analytics | ||||
| Priority Support | ||||
| Analytics Dashboard | ||||
| Dedicated Success Manager | ||||
| Custom SLAs | ||||
Frequently Asked Questions
What does the domain validator check?
+
Five live DNS checks: (1) MX records (which mail servers handle the domain's email), (2) NS records (whether the domain has authoritative nameservers), (3) SPF (TXT record starting with v=spf1, used for sender authentication), (4) DMARC (TXT record at _dmarc.<domain> defining the anti-spoofing policy), and (5) the domain's overall syntax. We do not check DKIM (it requires a per-selector lookup) or domain blacklists (they require a paid API).
Is this the same as a WHOIS lookup?
+
No. WHOIS shows registrar metadata and ownership history. This tool inspects the live DNS configuration that determines email deliverability and basic legitimacy. For most B2B sales and marketing use cases, the DNS picture matters more than registrar metadata.
Why do SPF and DMARC matter for B2B teams?
+
If a prospect's domain has no SPF or DMARC, mail you send to them is more likely to land in their spam folder, and any reply you receive may be spoofed. If your own domain has no SPF / DMARC, Gmail and Microsoft will start rejecting your outbound mail entirely starting in 2024. Validating these records before launching a campaign is now table stakes.
How accurate is this tool?
+
DNS responses are deterministic — if the records exist on the authoritative nameservers, we'll find them. The tool's interpretation is also conservative: a missing SPF or DMARC is flagged as a warning, not an error, because some domains (like internal-only ones) legitimately don't need them.
Is there a usage limit?
+
Yes — 25 free domain checks per IP per day. After that the tool prompts you to sign up for a Cleanlist account, which includes 30 free credits and bulk domain validation through the API.
Can this detect malicious or phishing domains?
+
Indirectly. A brand-new domain with no DMARC, no SPF, and only a single MX record on a free hosting provider is a strong phishing signal. We surface those signals — but for definitive threat intelligence you need a dedicated reputation API. Use this tool as a fast triage layer.













