DNS & Email Security Check
Verify your domain's DNS security records. Check SPF, DMARC, DKIM, CAA, and DNSSEC configuration. Protect against email spoofing.
What we check
How it works
Your DNS records are the first line of defense against email spoofing and phishing. Without proper SPF, DMARC, and DKIM records, attackers can send emails that appear to come from your domain. Our scanner checks all email authentication records and DNS security configurations.
Results are available in seconds. No installation or server access required — we scan your website from the outside, just like an attacker would.
Frequently Asked Questions
SPF (Sender Policy Framework) is a DNS record that specifies which mail servers are allowed to send email on behalf of your domain. Without it, anyone can forge emails from your domain for phishing attacks.
SPF verifies the sending server, while DMARC tells receiving servers what to do when SPF or DKIM checks fail (reject, quarantine, or allow). You need both for complete email authentication.
Add a TXT record at _dmarc.yourdomain.com with value "v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com". Start with p=none for monitoring, then progress to p=quarantine and finally p=reject.
Need a deeper analysis?
Our Pro and Deep scans include OWASP Top 10 analysis, malware detection, exposed files, and up to 27 security scanners with a professional PDF report.