DigInterface is a free online toolkit for IT professionals, email admins, developers and domain owners. It combines DNS lookup, IP and domain blacklist checking, WHOIS, email header analysis, SPF macro testing, regex testing, HAR/JSON file viewing, Unix timestamp conversion, a live HTML editor, and a full SMTP test console — all in one place with no ads and no tracking of your queries.

Yes, completely free. Most tools require no registration at all. The SMTP Send and Open Relay Test tools require a free account to prevent abuse.

No. DigInterface does not store lookup queries, email headers, DNS results or any other user data. All queries are processed in real time and discarded immediately. The HAR/JSON Viewer and Live HTML Editor process everything entirely in your browser — nothing is sent to the server.

Yes. All pages support dark mode via the toggle button in the navigation bar. Your preference is saved in the browser and persists across visits. The site also respects your operating system's dark mode setting on first visit.

DigInterface is maintained by a small team of email and DNS professionals. See the About page for more details, or contact us at info@diginterface.com with questions, feedback or feature suggestions.

The DNS Lookup tool supports A, AAAA, MX, NS, CNAME, TXT, SOA, PTR, SRV, CAA, SPF, DKIM and DMARC record types, or you can select All to query everything at once. You can also look up multiple domains simultaneously — one per line.

You can choose from Google (8.8.8.8), Cloudflare (1.1.1.1), OpenDNS (208.67.222.222) and Quad9 (9.9.9.9). Querying the same record across multiple resolvers is useful for identifying propagation issues or checking whether a resolver is returning stale cached results.

The optional security check (tick the checkbox before clicking Lookup) runs additional checks for DNSSEC, MTA-STS, BIMI, DANE, MX, NS and CAA records and reports whether each is configured or missing. This gives you a quick overview of a domain's email and DNS security posture.

Select DKIM from the record type dropdown. A DKIM Selector field will appear — enter the selector name (for example google, s1, or default). The tool will query selector._domainkey.domain and return the public key record.

The Blacklist Checker queries 15 IP-based DNSBLs — Spamhaus ZEN, Barracuda, Spamcop, SORBS, UCEPROTECT L1/L2/L3, PSBL, Abuseat CBL, SpamRATS, JustSpam, Truncate, WPBL, Mailspike and 0Spam — plus 5 domain-based lists — Spamhaus DBL, SURBL Multi, URIBL Black, Spamhaus ZRD and 0Spam Domain BL. All checks run in parallel so results return quickly.

Yes. When you enter a domain name the tool resolves it to its IP address and then checks both the IP against all IP-based lists and the domain against all domain-based URI blacklists simultaneously. This gives you a complete picture of both the sending IP and the domain's reputation.

Each result includes a Lookup link that takes you directly to that blacklist's website where you can find their specific removal or delisting process. Most blacklists require you to first fix the underlying issue (such as a compromised mail server, open relay or spam source) before they will delist the IP. Some lists like Spamhaus auto-delist once the problem is resolved; others like Barracuda require a manual request.

In Gmail: open the email, click the three-dot menu (⋮) and select "Show original". In Outlook: open the email, go to File → Properties and copy the Internet headers box. In Apple Mail: select the email and go to View → Message → All Headers. Paste the full header block into the Email Header Analyzer.

The analyzer parses the Authentication-Results header and extracts SPF, DKIM, DMARC and ARC results, showing each as pass, fail or none with the full detail string. This is useful for diagnosing why an email is landing in spam or failing authentication.

The relay section traces each hop the email took through mail servers by parsing all Received headers in chronological order. For each hop it shows the sending and receiving server, the protocol used, the timestamp and the delay between that hop and the next. A progress bar visualises which hop introduced the most delay. This is particularly useful for identifying slow mail servers or delivery bottlenecks.

Yes. The WHOIS Lookup supports domain names, IPv4 and IPv6 addresses. Domain lookups return registrar, registration and expiry dates, nameservers and status. IP lookups use RDAP to return ASN details, network CIDR ranges, allocation dates and entity or contact information from the relevant regional internet registry (ARIN, RIPE, APNIC, LACNIC or AFRINIC).

RDAP (Registration Data Access Protocol) is the modern replacement for the older WHOIS protocol. It returns structured JSON data from the relevant registry's RDAP endpoint, which allows for richer information including ASN details, network ranges, entity roles and event timestamps. It is more reliable than traditional WHOIS which has inconsistent formatting across registries.

SPF macros are variables used in SPF records that expand to values from the live SMTP transaction. Common macros include %{i} (sender IP address), %{s} (sender email address), %{d} (envelope domain), %{h} (HELO/EHLO hostname), %{l} (local part of sender email) and %{o} (sender domain). They are commonly used in exists: mechanisms for per-IP reputation checking services.

After expanding the macro the SPF Macro Tester performs a live DNS TXT lookup on the expanded domain, performs a full SPF check against the sender IP using the Python spf library and shows the SPF result (pass, fail, softfail, neutral, etc.). If the SPF record contains exists: mechanisms it also expands and resolves those macro domains individually.

The Regex Tester supports Python (re module), PCRE (via the Python regex module which adds atomic groups, \K and advanced lookbehind support) and ECMAScript (evaluated live in the browser using JavaScript). All three support case-insensitive, multiline and dot-matches-newline flags.

Yes. Named capture groups are supported in both Python ((?P<name>...)) and PCRE/ECMAScript ((?<name>...)) flavours. The tester displays each named group and its matched value in the results alongside the full match, start position and end position. Matches are also highlighted in the test text in real time as you type.

A HAR (HTTP Archive) file is a JSON-formatted log of all HTTP requests made by a browser during a session. To export one in Chrome or Edge: open DevTools (F12), go to the Network tab, reproduce the issue, then right-click any request and choose "Save all as HAR". In Firefox: Network tab → gear icon → Save all as HAR. You can then upload the file to the HAR & JSON Viewer.

The waterfall chart shows all HTTP requests in chronological order with a colour-coded bar for each request broken into phases: Blocked (red), DNS (green), Connect (orange), TLS (purple), Send (blue), Wait/TTFB (teal) and Receive (light green). You can click any row to open a detail panel showing the full request and response headers, request body, response body, cookies and a timing breakdown table. Filter by URL, status code or content type to narrow down the results.

No. The HAR/JSON Viewer processes files entirely in your browser using JavaScript. No data is sent to the server at any point. This makes it safe to use with HAR files that may contain sensitive authentication headers or session cookies.

The Timestamp Converter uses the number of digits to auto-detect the unit: 10 digits = seconds, 13 digits = milliseconds (used by JavaScript and Java), 16 digits = microseconds (used by some databases) and 19 digits = nanoseconds (used by Go and high-precision systems). It converts to all other formats simultaneously and shows the result as a Unix timestamp, millisecond timestamp, ISO 8601 string, UTC datetime and local datetime.

The Live HTML Editor uses CodeMirror 5 and includes syntax highlighting for HTML, CSS and inline JavaScript, line numbers, code folding, auto-close tags, tag matching, HTML autocomplete (Ctrl+Space), toggle comment (Ctrl+/), and a status bar showing character count, line count and tag count. The live preview updates automatically as you type with a 300ms debounce.

The Snippets menu includes 13 ready-made templates: HTML5 Page boilerplate, HTML Email Template (table-based, compatible with email clients), Table, Form, Flexbox Container, Card, Unordered List, Image with Figure and Caption, Anchor Link, Meta Tags and Open Graph / Twitter Card tags.

Desktop shows the full-width preview. Tablet constrains the preview iframe to 768px width (a common breakpoint for tablet layouts). Mobile constrains it to 375px (the width of an iPhone). This lets you quickly check whether your HTML and CSS is responsive without needing to resize your browser window.

The SMTP Send tool supports Plain (no encryption), STARTTLS (upgrade to TLS after connecting on port 587 or 25) and TLS (implicit TLS from the start, typically port 465). You can also leave the username and password fields empty to test unauthenticated SMTP.

The Open Relay Test sends a DKIM-signed test email directly to a target SMTP host on port 25 or 587 without authentication, using smtptest@smtptest.diginterface.com as the sender. If the target server accepts and delivers the message it may be configured as an open relay — meaning it will forward email for any sender, which is a serious security and spam risk. The full SMTP transcript is shown in the transmission log so you can see exactly what the server responded at each step.

Enabling verbose mode in the SMTP Send tool shows the complete SMTP conversation in the transmission log — including the EHLO/HELO exchange, MAIL FROM, RCPT TO, DATA command and the server's response codes and messages at each step. This is useful for diagnosing exactly where an SMTP connection or delivery is failing.

Absolutely. Email info@diginterface.com with feature requests, bug reports or any other feedback. We actively maintain and improve the tools based on user suggestions.

The SSL/TLS Certificate Checker connects directly to the target host and port, retrieves the certificate and shows: subject (CN), issuer, serial number, signature algorithm, key type and bit length, validity dates with a countdown bar showing days remaining, all Subject Alternative Names (SANs), the negotiated TLS version and cipher suite, and a colour-coded status for whether the certificate is valid, expiring soon or expired. It also checks whether the hostname matches the certificate and whether the chain is valid.

The SSL Checker has a Port field next to the domain input. It defaults to 443 but you can change it to any port — for example 8443 for alternative HTTPS, 465 for SMTPS, 993 for IMAPS or 636 for LDAPS. Enter the domain and port and click Check Certificate.

Certificates with more than 30 days remaining show as Valid (green). Certificates with 30 days or fewer remaining show as Expiring Soon (yellow) — this is a warning threshold used by most monitoring tools. Expired certificates show in red. Most certificate authorities send renewal reminders at 30 days, so this threshold gives you time to act before browsers start showing warnings.

The DNS Propagation Checker queries the same DNS record simultaneously across 20 public resolvers in different geographic locations and providers — including Google, Cloudflare, OpenDNS, Quad9, Verisign, AdGuard, Hurricane Electric and others. It determines the most common answer (consensus) and marks each resolver as either propagated (returning the consensus answer) or not yet propagated (returning a different or no answer). A percentage bar shows overall propagation progress.

DNS resolvers cache records for the duration of the TTL (Time To Live) set on the record. Until the cached TTL expires, a resolver will return the old answer even after the record has been updated at the authoritative nameserver. The time for full propagation depends on the TTL of the old record — a record with a 24-hour TTL can take up to 24 hours to fully propagate even after you change it. To speed up future changes, lower the TTL to 300 seconds (5 minutes) a day before making the change, then restore it afterwards.

The Email Deliverability Tester runs a comprehensive set of checks for a domain: MX records (present and resolving), SPF record (valid, single record, not exceeding 10 DNS lookups), DKIM public key (if a selector is provided), DMARC policy (exists, policy strength, reporting configured), reverse DNS / PTR records for MX hosts, Spamhaus ZEN blacklist check for the mail server IP, MTA-STS and BIMI configuration. Results are colour-coded pass/warn/fail and a score out of 100 gives an at-a-glance deliverability health rating.

The score out of 100 is calculated by awarding points for each passing check. MX records pass earns 15 points, a valid SPF record earns up to 15 points, DKIM published earns 15 points, DMARC policy earns up to 20 points (more for stricter policies), PTR records earn up to 10 points, a clean Spamhaus listing earns 10 points, and bonus points for MTA-STS. A score of 85+ is excellent, 65–84 is good, 40–64 needs work and below 40 is poor and likely to cause deliverability problems.

The Base64 tool has six modes: Base64 Encode (with optional URL-safe mode and 76-character line-break wrapping), Base64 Decode (handles both standard and URL-safe Base64 automatically), URL Encode (with option to encode the full URL or just parameters), URL Decode, File to Base64 (drag-and-drop any file and get the Base64 output plus a Data URI for use in HTML src="" attributes), and JWT Decoder (decodes the header and payload of a JWT token and shows expiry status — note: signature is not verified).

Standard Base64 uses +, / and = characters which have special meaning in URLs and can cause errors when included in query strings or path segments. URL-safe Base64 replaces + with -, / with _ and removes the = padding. Use URL-safe mode when the Base64 output will be included in a URL, JWT token, filename or any context where the standard characters would be misinterpreted.

No. All encoding and decoding in the Base64 tool happens entirely in your browser using JavaScript. No data — including file contents, text or JWT tokens — is sent to the server. This makes it safe to use with sensitive data such as API keys, credentials or private tokens.

The Subnet Calculator accepts IPv4 addresses in CIDR notation (192.168.1.0/24), with a dotted subnet mask (10.0.0.0/255.255.255.0), or just an IP address without a mask (in which case it infers the class-based default mask — /8 for Class A, /16 for Class B, /24 for Class C). You can also use any of the quick-pick common subnets at the top of the page.

The subnet breakdown table splits your network into smaller subnets at a prefix length you choose. For example, entering 192.168.0.0/24 and splitting at /26 shows all four /26 subnets with their network address, first usable host, last usable host, broadcast address and usable host count. Up to 256 subnets are shown in the table. You can change the split prefix at any time and the table updates instantly. All calculations run entirely in your browser.

The binary visualiser shows the IP address, subnet mask and network address in 32-bit binary format, split into four octets separated by dots. Network bits (the ones locked by the subnet mask) are shown in blue and host bits (the ones available for addressing) are shown in green. This makes it easy to understand visually how the prefix length divides the address space between the network and host portions.