Email Deliverability Test: How to Actually Know If Your Cold Email Is Hitting Inboxes
An email deliverability test tells you whether your messages are landing in the primary inbox, the spam folder, or somewhere in between. Here's how the tests work, what each result means for cold email specifically, and the free test ColdRelay runs against your domain in 30 seconds.
If you're sending cold email and don't run a deliverability test on a brand-new domain before you light up the campaign, you're flying blind. Half of cold email's deliverability failures show up in the first 100 sends — the test catches them in the first 1.
This guide is for two audiences: (1) anyone who searched "email deliverability test" and wants the canonical reference for what these tests actually measure, and (2) ColdRelay customers (or prospective ones) who want to know exactly what our free deliverability test runs and what each result means.
The 30-second answer
An email deliverability test checks whether messages from your domain will actually land in primary inboxes — or get filtered to spam, promotions, or quarantine. A real test verifies:
| Check | What it confirms |
|---|---|
| SPF record present + valid | Receiving servers can verify your sending IPs are authorized |
| DKIM record published + signing | Messages are cryptographically signed; signature verifies in DNS |
| DMARC record published | You have a published policy for what to do on auth failure |
| MX record resolves | Your domain can receive replies (cold email is two-way) |
| No major blocklists hit | Spamhaus, Barracuda, SORBS, SpamCop, etc. all rate you clean |
| PTR (reverse DNS) configured | Sending IP resolves back to your hostname (anti-spoofing signal) |
| TLS supported | Mail in transit is encrypted (table stakes in 2026) |
ColdRelay's free deliverability test runs all 7 in 30 seconds. No signup required.
What an email deliverability test actually does
The phrase "deliverability test" covers two different categories of test:
1. DNS/configuration tests — these check your domain's setup: SPF, DKIM, DMARC, MX, PTR, TLS support. They tell you whether your authentication and routing are correct. They don't tell you whether mail actually lands in the inbox — they tell you whether the infrastructure supports it landing.
2. Seed-list inbox tests — these send a test email to a dozen+ pre-configured seed inboxes at major providers (Gmail, Outlook, Yahoo, Apple Mail, etc.) and report where the message landed: primary inbox, promotions, spam, or somewhere weirder. These tell you the actual outcome but cost money to run repeatedly and only sample a small panel.
For cold email specifically, you want both — but they answer different questions.
DNS/config tests answer "is anything obviously broken?" Run on every new domain before the first send. ColdRelay's free deliverability test covers this category. If it returns anything red, fix that before anything else.
Seed-list tests answer "is the inbox classifier actually ranking us as legitimate?" Run periodically (weekly) on production campaigns. ColdRelay's dashboard includes daily seed-list placement tests for connected sending tools at no extra cost.
What each test result means
SPF: missing or invalid
Symptom: Your SPF record doesn't exist, has a syntax error, or contains too many DNS lookups (max 10).
What it means: Receivers can't verify your sending IPs are authorized for your domain. Gmail soft-failures this; Outlook hard-failures it. Default landing: spam folder or quarantine.
Fix priority: Critical. Cold email at any volume needs a valid SPF record with -all (hard fail). If you're a ColdRelay customer, this is provisioned automatically; if you're not, see our SPF/DKIM/DMARC guide.
DKIM: not signed or signature fails
Symptom: Your test email arrives without a DKIM signature, or the signature doesn't verify against your published public key.
What it means: Receivers can't confirm the message hasn't been tampered with in transit, and can't tie the sending domain back to your cryptographic identity. Gmail and Outlook both treat unsigned mail with suspicion — even more so than missing SPF, because DKIM is the modern standard.
Fix priority: Critical. ColdRelay signs every outbound message with 2048-bit RSA at the SMTP layer. If you're configuring DKIM manually, the most common failure is your sending tool re-signing with a different key than what's published in DNS — make sure the keys match.
DMARC: not present, or p=none
Symptom: Your domain has no _dmarc. TXT record, OR the record exists but specifies p=none (don't act on failures).
What it means: No DMARC = receivers don't know what to do when SPF or DKIM fails. They default to "treat with suspicion." p=none = you've published a policy but it does nothing — checkbox compliance, not actual protection. For cold email, both are weak signals that drag down domain reputation.
Fix priority: High. Move to p=quarantine at minimum — failing messages go to spam rather than landing as if nothing happened. p=reject is even stricter but can cause edge-case legitimate mail to drop, so most cold email setups stay at quarantine.
MX record: missing
Symptom: Your domain has no MX record, or the MX record points to a nonexistent host.
What it means: You can't receive replies. Worse — receiving servers often check MX as a basic "is this a real domain?" sanity check. A domain without MX gets flagged as suspicious-by-omission.
Fix priority: Critical. Cold email is conversational; if a prospect replies, you need to receive it. ColdRelay provisions MX automatically; manual setups commonly forget this when they're focused on outbound.
Blocklist hit (Spamhaus / Barracuda / SORBS / SpamCop)
Symptom: Your sending IP appears on a public DNS blocklist.
What it means: Receivers using that blocklist will reject your mail outright. Spamhaus is the most consequential — being on Spamhaus's SBL or XBL means most major providers reject by default.
Fix priority: Critical. Pause all sending immediately. The fix depends on which list:
- Spamhaus SBL/XBL — submit a removal request via the Spamhaus delisting form. Typical resolution: 1–7 days.
- Barracuda — automatic delisting form, usually 24–48 hours.
- SpamCop — listings expire automatically after 24 hours of clean sending.
- SORBS — slowest to delist (sometimes weeks); usually means a serious incident.
If you're on a shared IP (cheap cold email infrastructure providers), a single bad neighbor can land you on a list with no warning. ColdRelay uses dedicated IPs per customer specifically to prevent this — your reputation is yours alone.
PTR (reverse DNS): missing or generic
Symptom: Reverse DNS lookup on your sending IP returns nothing, or returns a generic hostname like ip-12-34-56-78.cloudprovider.example.
What it means: Anti-spoofing systems check that your sending IP's PTR record matches your sending domain. Missing PTR = suspicious. Generic PTR (cloud-provider default) = "this is a transient cloud instance, probably not a legitimate mail sender."
Fix priority: Medium-high. Major providers don't all enforce this strictly, but it's a noticeable signal. ColdRelay configures PTR records pointing at your dedicated mail server (mail.<your-domain>) automatically.
TLS not supported
Symptom: Your sending or receiving server doesn't support TLS encryption.
What it means: Mail goes in plaintext (or doesn't go at all to providers that mandate TLS, like Gmail). In 2026 this is almost unheard of — every modern mail server supports STARTTLS on port 587 and implicit TLS on 465/993.
Fix priority: Low for cold email — if you're seeing this, something is dramatically misconfigured upstream. ColdRelay's SMTP layer enforces TLS on every connection.
How ColdRelay's deliverability test works
The free tool takes any domain (yours or a competitor's) and runs all 7 checks in parallel. It hits public DNS resolvers (Google's 8.8.8.8 and Cloudflare's 1.1.1.1) for the SPF/DKIM/DMARC/MX/PTR records, and queries the major blocklists directly for IP-level reputation.
Sample output for a healthy domain:
✓ SPF v=spf1 ip4:20.x.x.x include:_spf.coldrelay-infra.com -all
✓ DKIM default._domainkey published, 2048-bit RSA, signature verifies
✓ DMARC v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc@...
✓ MX mail.example.com (priority 10)
✓ Blocklist Clean on 6 major DNSBLs
✓ PTR mail.example.com (matches sending domain)
✓ TLS STARTTLS supported on 587, TLS 1.3
A failing domain looks more like:
✗ SPF Record present but ends with ~all (soft fail) — recommended: -all
✓ DKIM default._domainkey published
✗ DMARC No _dmarc record found
✓ MX mail.example.com (priority 10)
✗ Blocklist Listed on Spamhaus SBL — pause sending immediately
✗ PTR No reverse DNS configured for 1.2.3.4
✓ TLS STARTTLS supported on 587
Three red items on a single test = your cold email isn't reaching inboxes regardless of how good your copy is.
What the test won't tell you (and what to do about it)
Configuration tests are necessary but not sufficient. They check that your setup could support good deliverability. They don't measure:
Domain age and history. A brand-new domain registered yesterday will pass every DNS check but still struggle until it warms up. (Why warmup matters →)
Send-volume patterns. Sending 1,000 emails in the first hour from a fresh domain will tank your reputation regardless of how perfect your SPF/DKIM/DMARC are. ColdRelay enforces 2 sends/mailbox/day specifically to prevent this.
Content classification. Even with perfect infrastructure, certain subject-line patterns or body text triggers classify as promotional or spam. The DNS test can't see your content.
Engagement signals. Replies, opens, time-spent-in-inbox — all measured by Gmail and Outlook, all invisible to external tests. Bad engagement = bad reputation, regardless of authentication.
For these, you need seed-list placement tests (which ColdRelay runs daily for paid customers) and dashboard-level monitoring of your actual reply rates and bounce rates.
A pre-launch deliverability test checklist for cold email
Before you turn on a new campaign on a new domain:
- Run the free deliverability test on the sending domain. All 7 checks must pass.
- Send a test email to your own Gmail and Outlook inboxes. Verify it lands in Primary (not Promotions, not Spam).
- Check the headers of the test email. Look for
Authentication-Results: ... spf=pass dkim=pass dmarc=pass. - Confirm your reply path works. Reply to the test email — does it route back to a mailbox you actually monitor?
- Check Google Postmaster Tools (guide →) after 48 hours of sending. Domain Reputation should land at Medium or higher.
This takes 10 minutes and catches 90% of deliverability disasters before they ruin a campaign.
FAQ
How often should I run a deliverability test?
Once per new domain pre-launch. Then weekly on active production domains. ColdRelay's dashboard runs continuous monitoring (hourly blocklist checks, daily seed-list placement tests) so you don't need to remember to re-test manually.
Is a free deliverability test as good as a paid one?
For DNS/configuration checks (SPF/DKIM/DMARC/MX/PTR/blocklist/TLS), free tests are equivalent to paid ones — the underlying DNS queries are the same regardless of which tool runs them. Paid tools differentiate on seed-list inbox testing (sending real test emails to a panel of inboxes), which costs money to maintain. ColdRelay's free tool covers the DNS layer; for seed-list testing, customers get it free as part of the platform.
What's the difference between an email deliverability test and an inbox placement test?
Deliverability test = checks the setup (DNS records, blocklists, encryption). Inbox placement test = checks the outcome (where does mail actually land at major inbox providers). Both matter; they answer different questions.
My deliverability test passes but my emails still go to spam — what gives?
Three common causes after a clean test:
- Content classification — subject lines or body text triggering content-based filters. Run an A/B test with two variants of copy.
- Low domain reputation despite clean setup — typically a brand-new domain that hasn't warmed up yet. Pause for 7 more days at lower volume.
- Engagement signals — if you have a high bounce rate or low reply rate, Gmail's engagement-based classifier downgrades you regardless of authentication. Tighten list quality.
Do I need to test deliverability per mailbox, or just per domain?
Per domain. SPF/DKIM/DMARC/MX/PTR are domain-level. Blocklists are IP-level (but ColdRelay's dedicated IPs are 1:1 with customers, so testing once per domain captures it). Per-mailbox testing only matters if you're using radically different sending tools per mailbox, which is unusual.
Can I test a domain I don't own?
Yes — for the DNS-level checks (SPF/DKIM/DMARC/MX/PTR/blocklist/TLS), the data is public. You can test a competitor's domain to see how their authentication is configured. You can't run seed-list tests on someone else's domain (that requires sending mail).
Test your domain free → Run the deliverability test · Run cold email on infrastructure built to pass every test → Try ColdRelay free