Step-by-step guides for every tool on DigInterface. Click a tool name to jump to its guide.
Enter one or more domain names in the text area, one per line. For example: google.com or multiple like google.com and microsoft.com on separate lines.
Select the record types you want to query from the dropdown. Choose individual types (A, MX, TXT, SPF, DKIM, DMARC, etc.) or select All to query every supported type at once.
Choose a DNS resolver — Google (8.8.8.8), Cloudflare (1.1.1.1), OpenDNS or Quad9. Google is selected by default and works well for most queries.
For DKIM lookups, select DKIM as the record type and a selector field will appear. Enter the selector name — for example google, s1 or default. Check the email headers of a message from the domain to find the selector (look for s= in the DKIM-Signature header).
Optionally tick Include Security Check to also check DNSSEC, MTA-STS, BIMI, DANE, MX, NS and CAA configuration.
Click Lookup. Results appear colour-coded — green for successful records, yellow for missing records, red for errors.
Use the Download TXT or Download CSV buttons to export results for reporting or documentation.
1.0.0.127.in-addr.arpa for IP 127.0.0.1. Most hosting panels let you set PTR records directly.Enter an IP address or domain name in the input field. You can enter an IPv4 address (e.g. 203.0.113.10), an IPv6 address, or a domain name (e.g. yourdomain.com).
Click Check Blacklists. The tool checks all lists in parallel — this usually takes 5–10 seconds.
Review the summary badge at the top of the results — it shows how many lists you are listed on out of the total checked. Green means clean, red means at least one listing was found.
If you entered a domain, two tables appear: IP-Based Blacklists (for the domain's resolved IP) and Domain-Based Blacklists (for the domain itself). Results are sorted with any listings at the top.
For any listing, check the Reason column — this shows the TXT record explanation provided by that blacklist. Click Lookup to open the blacklist's own page for that IP or domain, which usually includes removal instructions.
Download results as TXT or CSV for documentation or reporting to management.
Gmail: Open the email, click the three-dot menu (⋮) in the top right of the message and select Show original. Copy everything in the box that appears.
Outlook (desktop): Open the email, go to File → Properties and copy the contents of the Internet headers box.
Outlook (web): Open the email, click the three-dot menu → View → View message source. Copy the header section at the top.
Apple Mail: Select the email and go to View → Message → All Headers.
Paste the raw headers into the text area and click Analyze Headers.
Check the Authentication Results section first. Each of SPF, DKIM, DMARC and ARC will show as pass (green), fail (red) or none (yellow). Any fail or none is a potential cause of spam classification.
Review the Relay Information section. Hops are shown in chronological order (first hop at the top). Check the delay column — a hop with a very large delay (30+ seconds) indicates a slow or problematic mail server in the delivery chain.
Scroll down to the Parsed Headers table for a complete breakdown of every header field — useful for inspecting X-headers, Message-ID, Content-Type and other fields.
X-Spam-Score or X-Spam-Status headers from the receiving server — these show what spam score the message was assigned and why.Enter a domain name or IP address in the search field. Examples: example.com, 8.8.8.8, or an IPv6 address like 2001:4860:4860::8888.
Click Lookup. A loading spinner indicates the query is running — IP WHOIS lookups via RDAP may take a few seconds.
For domain lookups, review the Domain Registration Details card which shows registrar, registration date, expiry date, nameservers, status flags and DNSSEC information.
For IP lookups, three expandable sections appear: ASN Information (autonomous system number, CIDR range, registry and country), Network Information (network name, IP range, type and events) and Entity / Contact Details (contact handles, organisation, addresses, emails and roles).
Click the Copy All button to copy the full result to your clipboard, or use Download TXT / CSV to save the data.
clientTransferProhibited are normal and mean the domain is locked against unauthorised transfers. If you see serverHold or redemptionPeriod the domain may be suspended or about to expire.Enter the SPF macro string you want to test. This is typically the macro portion of an SPF exists: or include: mechanism, for example: %{i}._spf.%{d} or a full SPF include domain like spf.protection.outlook.com.
Enter the Sender IP — the IP address of the mail server that would be sending the email. This populates the %{i} and %{c} macros.
Enter the HELO/EHLO hostname — the hostname the sending server announces in the SMTP HELO or EHLO command. This populates the %{h} macro.
Enter the Sender Email — the envelope From address (MAIL FROM). This populates %{s} (full address), %{l} (local part) and %{o} (domain part) macros.
Enter the Envelope Domain — usually the domain part of the sender email. This populates the %{d} macro.
Click Expand Macro. The tool shows the fully expanded macro string, performs a live DNS TXT lookup on the result and runs a full SPF check showing the final result (pass, fail, softfail, etc.).
%{i} = sender IP, %{s} = full sender email, %{d} = envelope domain, %{h} = HELO hostname, %{l} = local part of sender email, %{o} = sender domain.exists:%{i}._spf.example.com, the tool will expand and resolve each exists macro individually so you can see exactly which IP ranges are being whitelisted.~all) means the IP is not authorised but the receiving server may still accept the message. A hardfail (-all) means it should be rejected.Select the regex engine from the flavour dropdown: Python (re) for standard Python regex, PCRE for advanced patterns with atomic groups and \K, or ECMAScript for JavaScript-style regex evaluated live in the browser.
Set any flags you need using the checkboxes: Ignore Case makes matching case-insensitive, Multiline makes ^ and $ match line boundaries, Dot Matches Newline makes . match any character including newlines.
Enter your regex pattern in the Pattern field. You do not need to wrap it in slashes — just enter the pattern itself, for example \b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b.
Enter the test text in the large text area — this is the string the regex will be run against.
Results update live as you type. Matches are highlighted in green in the test text, and each match is listed below with its start position, end position and any named capture groups.
(?P<name>...), in ECMAScript use (?<name>...). The group names and matched values appear in the results table.^ and $ to match each line rather than the entire string.Chrome / Edge: Open DevTools with F12, go to the Network tab, tick Preserve log, reproduce the issue, then right-click any request and select Save all as HAR with content.
Firefox: Open DevTools with F12, go to the Network tab, reproduce the issue, click the gear icon and choose Save all as HAR.
Safari: Enable the Develop menu (Preferences → Advanced), open Web Inspector, go to the Network tab, reproduce the issue, then click Export.
Upload the .har or .json file by dragging it onto the drop zone, clicking to browse, or switching to the Paste tab to paste content directly.
For HAR files, the waterfall chart loads automatically showing all requests in chronological order with colour-coded timing bars. The summary cards at the top show total requests, transferred bytes, total time and error count.
Filter the waterfall by typing in the URL filter box, selecting a status code range (2xx, 3xx, 4xx, 5xx) or clicking the content type badges to show/hide specific resource types.
Click any row to open the detail panel showing request and response headers, request body, response body, cookies and a per-phase timing breakdown.
Switch to JSON Tree view to explore the raw HAR structure or any JSON file in a collapsible tree with syntax highlighting. Use the search box to find specific keys or values. Switch to Raw view to copy or download the formatted JSON.
The live clock at the top shows the current Unix timestamp updating every second — useful as a quick reference without needing to type anything.
To convert a Unix timestamp: paste the number into the Unix Timestamp panel. The tool auto-detects whether it is in seconds (10 digits), milliseconds (13 digits), microseconds (16 digits) or nanoseconds (19 digits) and instantly shows all equivalent formats.
To convert an ISO 8601 date: paste a date like 2025-04-22T10:30:00.000Z or 2025-04-22T20:30:00+10:00 into the ISO 8601 panel.
To convert a specific UTC date and time: use the date and time pickers in the UTC panel. The second field is separate so you can set precise values including seconds.
To convert your local time: use the Your Time Zone panel — it uses your browser's local timezone automatically.
Click Load Current Time to populate all four panels with the current time simultaneously — useful when you need the current timestamp in multiple formats at once.
+10:00) is handled correctly — the tool converts to UTC before calculating the Unix timestamp.Start with a snippet if you are building something from scratch — click the Snippets menu and choose a template like HTML5 Page for a general page or Email Template for an HTML email.
Edit the HTML in the left pane. The preview on the right updates automatically as you type. Press Ctrl+Space to trigger HTML autocomplete at any point.
Use code folding by clicking the arrow in the gutter next to any opening tag — useful for collapsing sections you are not currently editing in longer documents.
Click Format (✨) to automatically clean up indentation and make the code easier to read.
Use the preview size toggle to check how your HTML looks at desktop (full width), tablet (768px) or mobile (375px) — important for responsive layouts and email templates.
When finished, click Copy to copy the HTML to your clipboard, or Download to save it as index.html.
Ctrl+Space — trigger HTML autocomplete at the cursor position.Ctrl+/ — toggle comment on the current line or selection.Ctrl+Q — fold or unfold the code block at the cursor.Tab — indent selected lines or insert 4 spaces at the cursor.<div> and the closing </div> is inserted automatically.Log in with your DigInterface account. If you do not have one, register for free — email verification is required before you can use this tool.
Make sure SMTP Send mode is selected (the default). Enter the SMTP server hostname and port — common ports are 25 (unauthenticated), 587 (STARTTLS) and 465 (TLS).
Choose the connection type: Plain (no encryption), STARTTLS (recommended for port 587) or TLS (for port 465).
Enter the Envelope From (MAIL FROM address) and Header From (the From address shown to the recipient). Leave Envelope From blank to send as <> (null sender — used for bounce notifications).
Enter the Recipient Email, Subject and Body. Optionally attach a file.
Enter SMTP username and password if the server requires authentication. Leave blank for unauthenticated tests.
Tick Enable Verbose Logging to see the full SMTP conversation in the transmission log. Complete the CAPTCHA and click Send Email.
Click the Open Relay Test button to switch modes.
Enter the Target SMTP Host — the hostname or IP of the server you want to test. This connects directly to the host, bypassing MX lookup.
Enter a Recipient Email at a domain the target server does not host — for example a Gmail address. If the server accepts and delivers the message it is likely an open relay.
Select port 25 or 587 and a connection type, complete the CAPTCHA and click Run Open Relay Test.
Review the transmission log — if the server returns 250 OK after the DATA command and the email is delivered, the server is an open relay. If it returns a 550 or 554 rejection it is correctly configured.
<>) as the Envelope From is used for delivery status notifications and bounce messages — useful for testing whether a receiving server correctly accepts DSNs.smtptest.diginterface.com so the test email itself is legitimate and should not trigger spam filters based on the sender.Enter the domain name you want to check — for example www.example.com. Do not include https://.
Set the port if it is not the standard 443. Common alternatives are 8443 (alternative HTTPS), 465 (SMTPS), 993 (IMAPS) and 636 (LDAPS). Leave as 443 for standard websites.
Click Check Certificate. The tool connects directly to the host, retrieves the certificate chain and displays the results.
Check the status pills at the top — green means valid, yellow means expiring within 30 days, red means expired or a hostname/chain issue.
Review Certificate Details for the issuer, serial number, signature algorithm, key type and exact validity dates with a countdown bar.
Check the Subject Alternative Names list to see all domains covered by the certificate — wildcard entries like *.example.com will appear here.
Review the Protocol & Cipher section to confirm the negotiated TLS version (TLS 1.3 is ideal) and cipher suite.
Enter the domain name you want to check propagation for — for example example.com or mail.example.com.
Select the record type from the dropdown — choose the specific record type you just changed: A for IP changes, MX for mail server changes, TXT for SPF/DMARC/verification records, NS for nameserver changes, etc.
Click Check Propagation. The tool queries 20 resolvers simultaneously — this takes a few seconds.
Review the summary bar at the top showing how many resolvers have the new answer, how many still have the old one, and the overall propagation percentage.
The Most Common Answer box shows the consensus — what the majority of resolvers are returning. This is usually the new record once propagation is mostly complete.
Resolvers marked ✓ Propagated (green) are returning the consensus answer. Those marked ✗ Different (red) are still returning a different answer — usually the old record.
Reload the page to re-run the check and see updated propagation status — there is no auto-refresh.
Enter the domain name you want to test — this should be the domain used in the From address of outbound emails (e.g. yourcompany.com).
Enter a DKIM selector if you want to include a DKIM check. To find your selector, open any outbound email in a mail client, view the raw headers and look for the DKIM-Signature header — the selector is the value after s=. Common selectors are google, s1, s2, default, selector1.
Click Run Checks. The tool runs all checks in parallel — results appear within a few seconds.
Review the score circle — 85+ is excellent, 65–84 is good, below 65 needs attention.
Work through any red (fail) cards first — these are the issues most likely to cause email rejection or spam classification. Then address yellow (warn) items.
Each card includes a 💡 advice line explaining what to do to fix the issue.
Review the MX Records table at the bottom to confirm your mail servers are resolving correctly.
p=none means monitoring only — it doesn't protect your domain from spoofing. Move to p=quarantine or p=reject once you've reviewed your DMARC reports.Click the Base64 Encode or Base64 Decode tab depending on what you need.
Type or paste your text into the left panel. The result appears in the right panel automatically as you type.
For encoding, tick URL-safe if the output will be used in a URL, JWT or filename — this replaces + with - and / with _.
Tick Line-break every 76 chars if the output needs to be formatted for email (MIME standard).
Use the ⇅ Swap button to instantly swap input and output — useful for round-tripping encode then decode.
Click 📋 Copy to copy the output to your clipboard.
Click the File → Base64 tab.
Drag and drop any file onto the drop zone, or click to browse. Images, PDFs, fonts — any file type works.
The Base64 output and a Data URI (data:image/png;base64,...) appear immediately. The Data URI can be pasted directly into an HTML src="" or CSS url() attribute to embed the file without a separate HTTP request.
Click the JWT Decoder tab.
Paste a JWT token (starts with eyJ) into the text area.
The header, payload and signature are decoded and displayed in colour-coded panels. The claims table below shows each payload field with a plain-English explanation — including expiry time in human-readable format and a warning if the token has already expired.
Note: the signature is not verified — this is a decode-only tool. Never trust a JWT's claims in a security context without verifying the signature.
Enter an IP address with CIDR notation in the input field — for example 192.168.1.0/24 or 10.0.0.0/255.255.0.0. You can also use the Quick chips below the input to load common subnets instantly.
Results appear automatically as you type — no need to click Calculate unless you want to force a recalculation.
Review the Network Information card for subnet mask, wildcard mask and network class.
Check the Address Range card for network address, first and last usable hosts and broadcast address.
The Capacity card shows total addresses and usable host count, plus whether the IP is private, public, loopback or link-local.
The Binary Representation card shows the IP, mask and network address in binary with network bits highlighted in blue and host bits in green — useful for understanding how CIDR works.
To split the network into subnets, change the Split into /__ subnets value in the Subnet Breakdown section. The table updates instantly showing network, first host, last host, broadcast and host count for each subnet.