MailFlow Sentinel

What this is

MailFlow Sentinel is a live email security analysis tool built for use in real customer conversations. It was created by an email security practitioner who needed something fast, accurate, and explainable — a tool that shows exactly what an attacker sees when they look at a domain, without requiring a login, a trial, or a sales call.

Every result is generated fresh on demand from live DNS and SMTP data. Nothing is simulated, cached, or estimated.

Methodology

When you run a scan, the tool makes real outbound DNS queries and, where applicable, live SMTP connections to the domain's mail infrastructure. Results reflect the actual public posture of the domain at the time of the scan.

SPF lookup counts are resolved recursively — every include: and redirect= directive is followed via DNS to produce an exact count against the RFC 7208 ten-lookup limit. Third-party senders are identified by resolving DKIM selector CNAMEs and walking the full SPF include chain, not by pattern-matching the raw record string.

SMTP probes connect directly to mail infrastructure on port 25 and negotiate a full EHLO/STARTTLS/MAIL FROM/RCPT TO sequence to test for real exposure — not theoretical risk.

Checks performed

• SPF — record presence, exact recursive DNS lookup count, RFC 7208 limit enforcement
• DMARC — record presence, policy enforcement level (none / quarantine / reject)
• DKIM — common selector enumeration, key size estimation, weak 1024-bit key detection, CNAME delegation mapping
• MTA-STS — DNS record and policy file validation
• TLS-RPT — transport security failure reporting record
• Microsoft 365 direct send — live SMTP probe to the EOP endpoint to test connector enforcement
• Open relay — live SMTP test for external-to-external relay acceptance on MX servers
• Catch-all detection — SMTP probe to a nonexistent address to test wildcard acceptance
• Mail subdomain scan — SMTP probe across common subdomains (mail., smtp., relay., etc.) for forgotten infrastructure
• Third-party sender detection — SPF include chain and DKIM CNAME resolution to identify ESPs in use
• BIMI — brand indicator record and DMARC prerequisite check

Run a scan

Enter any domain or email address to get a full report.