Help
Glossary + FAQ for instant domain-health diagnostics.
Relaymetry checks MX, SPF, DKIM, DMARC, blacklist, and TLS for any domain — no signup, instant results, plain English. This page indexes the terms and questions that come up across the tools.
Glossary
MX (Mail Exchange) records
DNS records that list which servers receive mail for a domain, in priority order. RFC 1035 + RFC 5321 s.2.3.5.
SPF (Sender Policy Framework)
TXT record listing IPs and hosts authorized to send mail for the domain. RFC 7208.
DKIM (DomainKeys Identified Mail)
Cryptographic signature on outbound mail, verified against a public key in DNS. RFC 6376.
DMARC
Policy + reporting framework that ties SPF + DKIM to a domain owner via alignment. RFC 7489.
Blacklist (DNSBL / RBL)
DNS-published lists of IPs or domains that operators publish for receivers to consult. RFC 5782.
TLS (Transport Layer Security)
Encryption between SMTP servers — receiving servers should support TLS 1.2+ for inbound mail. RFC 8446.
DOI (Double Opt-In)
A confirm-by-email step before adding any address to a list — required for waitlist signups in Relaymetry.
Deliverability
Whether mail you send reaches the inbox vs spam folder. Driven by domain reputation, authentication (SPF/DKIM/DMARC), and content signals.
Frequently asked questions
Do I need both SPF and DKIM?
Yes — modern receivers (Gmail, Outlook) require at least one of SPF/DKIM aligned with the From: domain. DKIM is more robust to forwarding; SPF is simpler to set up. DMARC requires either to pass and align — shipping both gives DMARC two paths to succeed.
Do I need DMARC if I already have SPF?
Yes. SPF alone does not prevent spoofing of the visible From: address. DMARC ties SPF and DKIM to the From: domain and tells receivers what to do when alignment fails — observe, quarantine, or reject. Without DMARC, a sender can spoof your From: domain as long as the envelope domain passes SPF.
Why does my domain have multiple MX records?
Multiple MX records provide redundancy. The lowest priority number is tried first; higher numbers are fallbacks. Equal priorities distribute inbound load across servers. Most mailbox providers (Google Workspace, Microsoft 365) publish 2-5 MX records for resilience. All listed hostnames must resolve to valid IPs.
How do I set up double opt-in (DOI)?
Configure your mailing list or ESP to send a confirmation email when someone submits their address. Delivery only proceeds after the recipient clicks the confirmation link. This validates addresses, reduces spam complaints, and satisfies GDPR / CAN-SPAM list-hygiene requirements. Relaymetry requires DOI for its own waitlist signups.
Are my email tests and domain checks stored?
Relaymetry caches DNS lookup results for a short TTL to improve performance for repeat queries on the same domain. We do not store personally identifiable information about who ran a check. Results are keyed by domain name only. See the Privacy page for the full data-retention policy.
What does "aligned DMARC" mean?
DMARC alignment means the From: domain matches the domain that authenticated via SPF or DKIM. Relaxed alignment (the default) allows subdomain matches; strict alignment requires an exact match. Per RFC 7489 s.3, at least one of SPF or DKIM must pass AND align with the visible From: domain for DMARC to pass.
Why does my SPF pass but Gmail still filters to spam?
Authentication (SPF, DKIM, DMARC) is necessary but not sufficient. Gmail also weighs sender reputation, recipient engagement (open rate, complaint rate), content scoring, and internal anti-abuse signals none of which are visible in DNS. A domain that passes every authentication check can still be filtered to spam by reputation or content scoring.
What is a blacklist hit?
A blacklist hit means your mail-server IP appears in a public DNSBL zone (Spamhaus ZEN, Barracuda, SpamCop, etc.). Receivers consult these zones and may reject or filter mail from listed IPs. Hits are caused by sending spam, sharing an IP range with bad actors, or carrying forward a previous owner's listing. Use the Blacklist Lookup tool to check your domain.
Is TLS 1.0 still safe for email?
No. TLS 1.0 and 1.1 are deprecated — RFC 8996 formally retires them. Modern receivers require TLS 1.2 minimum; TLS 1.3 is preferred. Mail servers still advertising TLS 1.0 risk connection failures with well-configured receivers and expose sessions to known downgrade attacks. Upgrade to TLS 1.2+ immediately.
What is BIMI?
BIMI (Brand Indicators for Message Identification) is an emerging standard that lets domain owners publish a verified logo that mailbox providers (Gmail, Yahoo) display next to authenticated messages in the inbox. BIMI requires DMARC p=quarantine or p=reject plus a Verified Mark Certificate (VMC) from an approved CA.
Can I share a Relaymetry report with someone else?
Yes — each report page URL encodes the domain. Copy the address bar URL and share it; the recipient will see the same report. Results are cached for a short TTL, so a fresh check can be triggered by clicking Re-check. No account is needed to view a shared report.
Are personally identifiable fields redacted in reports?
Yes. Relaymetry redacts DMARC aggregate-report email addresses (rua= and ruf= fields) that appear to identify individuals (e.g., personal mailboxes). Addresses published as corporate policy inboxes are displayed as-is. The redaction policy follows the PII guidelines in the Privacy page.
Cluster guides
In-depth guides for diagnosing email deliverability issues — Gmail-class problems, DNS authentication (SPF / DKIM / DMARC / PTR), and other receiver-specific patterns.
- Why Gmail rejects emails from your domain
Diagnose Gmail rejections via SPF, DKIM, DMARC, alignment, blacklist, and TLS signals.
- Gmail 5.7.26 error: why Gmail says your email is unauthenticated
Gmail 5.7.26 usually points to missing or failing sender authentication. Check SPF, DKIM, DMARC, and alignment before changing content or resending the same campaign.
- SPF, DKIM, and DMARC pass but Gmail sends email to spam
Passing SPF, DKIM, and DMARC is necessary, but Gmail can still filter messages based on reputation, volume, content, engagement, and provider-specific signals.
- New domain emails going to Gmail spam: what is technical and what is reputation
New domains can pass SPF, DKIM, and DMARC and still land in Gmail spam. Check authentication, alignment, PTR/TLS basics, sending history, volume changes, and Postmaster Tools limits.
- Email authentication explained: SPF, DKIM, DMARC, and PTR
Email authentication is built on four DNS-based signals — SPF authorizes who can send, DKIM cryptographically signs messages, DMARC enforces alignment with the visible From, and PTR proves the sending IP identity.
- SPF too many DNS lookups: fix the PermError before it silently breaks delivery
Exceeding the 10-lookup SPF limit returns PermError, which prevents SPF from passing and can silently break DMARC alignment on every affected message.
- Multiple SPF records on one domain: why it causes permerror and how to fix it
Two or more v=spf1 records at the same domain name force a permerror result, preventing SPF from passing for any message from that domain.
- DKIM record not found: why the public key is missing and how to fix it
A missing DKIM public-key record at the selector DNS name prevents the verifier from confirming the signature, leaving DKIM with no pass result.
- Why Outlook blocks emails from your domain
Outlook blocks emails when authentication, policy, reputation, content, or transport signals look unsafe. Check MX, SPF, DKIM, DMARC, blacklist, and TLS posture before blaming reputation alone.