Loading
Preparing the page...
Loading
Preparing the page...
Query DNS records and review security relevant configuration. Checks SPF and DMARC, and can optionally check a DKIM selector. Also reports DNSSEC signals where available.
Public hostnames only. Private and local targets are blocked for security.
Download results as PDF, CSV, or JSON.
Run the tool to enable exports.
Sender Policy Framework is a DNS record that specifies which mail servers are authorised to send email for your domain. Without SPF, attackers can easily spoof emails appearing to come from your domain.
Domain-based Message Authentication builds on SPF and DKIM to tell receiving servers what to do with emails that fail authentication. It also provides reporting so you can monitor for spoofing attempts.
DNSSEC adds cryptographic signatures to DNS records, preventing attackers from poisoning DNS caches and redirecting your users to malicious sites. It is particularly important for financial and healthcare organisations.
The most common issues I see are missing or overly permissive SPF records, no DMARC policy, and dangling CNAME records that could allow subdomain takeover. This tool helps identify all of these.