InboxGuard — find and fix email deliverability problems

The only platform an AI agent can both detect and remediate email-DNS problems with. InboxGuard scans SPF, DKIM, DMARC, MTA-STS, TLS-RPT, BIMI, DNSSEC/DANE, and DNS blocklists for a sending domain — then publishes the exact DNS fix at your registrar (Cloudflare, Route 53, GoDaddy, Namecheap). MCP-first, with hosted DMARC aggregate-report ingest, instant alerts, and signed webhooks. Operated by movaMedia, Inc.

Pricing · Developers · Guides · API docs · OpenAPI · For AI agents · llms.txt

What InboxGuard checks

• SPF — with a live 10-DNS-lookup budget meter that catches silent PermError.
• DKIM — selector discovery plus key length and algorithm hygiene.
• DMARC — policy, SPF/DKIM alignment, and staged-rollout guidance (none → quarantine → reject).
• DMARC sender identification — maps RUA source IPs back to the senders behind them (Mailchimp, SendGrid, Amazon SES, and more).
• MTA-STS & TLS-RPT — policy fetch, report ingest, and MX TLS certificate health.
• BIMI — record, logo, and real VMC certificate validation (issuer, expiry, logotype).
• DNSSEC & DANE — DS/DNSKEY chain validation and TLSA record detection.
• 13 DNS blocklists — queried from the authoritative side, so there are no public-resolver false positives.
• DMARC aggregate reports — a hosted RUA mailbox per workspace, parsed into per-source-IP dashboards.
• Google Postmaster Tools — Gmail spam-rate and reputation via OAuth.
• Alerts — email, Slack, signed webhooks, and PagerDuty when a posture changes.

Detect and fix — not just report

InboxGuard doesn't stop at “your SPF is broken.” Connect a registrar (Cloudflare, Route 53, GoDaddy, or Namecheap) and it computes the exact record change, shows a diff against the live DNS, and applies it — with one click in the dashboard, or autonomously through an AI agent. Every change is server-revalidated and logged with the prior value for one-click rollback.

Why InboxGuard vs alternatives

Unlike ESP-native dashboards (SendGrid, Postmark) that only see mail sent through them, InboxGuard monitors a domain across every sender. Unlike DMARC-only tools (Dmarcian, Valimail, EasyDMARC), it covers the full authentication, transport-security, and blocklist surface in one 0–100 score — with authoritative-side blocklist queries and one-click DNS remediation. InboxGuard does not send email; pair it with any ESP.

For developers and AI agents

InboxGuard is MCP-first. Connect the production MCP server over Streamable HTTP at https://api.inboxguard.io/mcp from Claude, ChatGPT, Cursor, Claude Code, or any MCP client — see the Developers hub for copy-paste configs. Discovery is open; tools/call needs a bearer API key.

The 11 tools — scan_domain, get_deliverability_score, check_blocklists, get_dmarc_summary, list_domains, get_domain, list_scans, list_alerts, resolve_alert, get_dns_fix_plan, and apply_dns_fix — let an agent run the full detect-and-fix loop: scan_domain → get_dns_fix_plan → apply_dns_fix (destructive, two-step, server-revalidated).

Prefer plain HTTP? Run a free, anonymous scan of any domain (5/hour per IP): curl -sS -X POST https://api.inboxguard.io/scan-domain -H 'content-type: application/json' -d '{"domain":"example.com"}'. Full reference: /llms-full.txt. API contract: /openapi.json. Authentication: /auth.md.

Pricing

14-day free trial, no credit card. Free (1 domain, weekly), Entry $29/mo (5 domains, daily), Pro $99/mo (25 domains, alerts), Agency $299/mo (100 domains, 4-hour cadence). See pricing.