Type any domain or email address and run a real, live DNS test. The checker reads the domain's SPF, MX, and DMARC records and tells you which email service provider sends its mail, which provider hosts its inbox, and which vendor monitors its DMARC.
TL;DR. A domain's DNS leaks its entire email stack. The
SPF record (v=spf1 ... ~all) lists every platform allowed to
send mail - include:sendgrid.net is SendGrid,
include:servers.mcsv.net is Mailchimp, include:mktomail.com is
Marketo. The MX record shows the mailbox provider
(aspmx.l.google.com = Google Workspace,
*.mail.protection.outlook.com = Microsoft 365). The DMARC
rua address often names the monitoring vendor. The checker reads all three live
and matches them against 50+ providers.
Three public DNS signals, queried live every time you run a test.
The SPF record lists every host and include: authorised to send mail for the
domain. Each include maps to a sending platform. The checker expands nested includes
recursively, so it finds ESPs hidden one or two levels deep.
MX records point at whoever receives mail for the domain - Google Workspace, Microsoft 365, Proofpoint, Mimecast, Zoho. This is the inbox provider, separate from the marketing sender.
The DMARC record shows the enforcement policy (p=none / quarantine / reject)
and its rua report address often reveals the monitoring vendor - Valimail,
Red Sift, dmarcian, Postmark.
Big brands hide their real ESPs behind a single include
(include:spf1.stripe.com). The checker follows those references, bounded to a
safe lookup budget, to surface the platforms underneath.
Every host found is matched against a table of 50+ providers - marketing ESPs, transactional infrastructure, CRMs, help desks, mailbox hosts, and DMARC vendors - each with the exact record that matched it.
Each run performs fresh DNS-over-HTTPS lookups in your browser. The result is the domain's real configuration at the moment you check it - a genuine test, not a lookup from a stale database.
A sample of the signature table. The full set covers 50+ providers.
| Record | Example | What it identifies |
|---|---|---|
| SPF include | include:sendgrid.net | SendGrid (Twilio) |
| SPF include | include:servers.mcsv.net | Mailchimp |
| SPF include | include:_spf.klaviyo.com | Klaviyo |
| SPF include | include:mktomail.com | Marketo |
| SPF include | include:amazonses.com | Amazon SES |
| SPF include | include:mail.zendesk.com | Zendesk |
| MX | aspmx.l.google.com | Google Workspace |
| MX | *.mail.protection.outlook.com | Microsoft 365 |
| DMARC rua | rua=mailto:[email protected] | Valimail monitoring |
Confirm a prospect's sending stack before outreach - pitch the right integration, or time a migration play when their SPF changes.
See which platform powers a competitor's email, who hosts their inbox, and whether they run DMARC at enforcement.
Spot forgotten senders still authorised in your SPF, a missing DMARC policy, or a record creeping toward the 10-lookup limit.
A tool that identifies which email service provider a domain uses by reading its public SPF, MX, and DMARC DNS records and matching them against a table of known providers.
Yes. Every run performs live DNS-over-HTTPS lookups from your browser and reads the domain's actual current records. Nothing is cached.
Companies authorise multiple senders - marketing, transactional, CRM, help desk. SPF lists them all, so the checker reports each one separately.
The domain may send in-house, use IP-only SPF, or have no SPF at all. The checker still shows the raw records so you can read them yourself.
No. It only reads public DNS records - SPF, MX, DMARC. No mailbox is accessed and no message content is ever inspected.
SPF shows who is authorised to send. To confirm who actually sent a specific email, read its headers - that is what the signed-in ESP detector does.
Join newsletter creators using AI-powered competitor intelligence to ship better content, faster.
No credit card required · Cancel anytime · All features on every plan