Loading...
Loading...
Domain and email security is no longer optional — it is a requirement. Phishing attacks that spoof legitimate business domains are responsible for billions of dollars in losses every year, and major email providers now reject messages from domains without proper authentication. Our free security tools help you audit your DMARC policy, validate SPF records, inspect SSL/TLS certificates, and identify vulnerabilities before attackers do. Whether you are hardening a corporate email system, verifying a vendor's security posture, or ensuring your own domain cannot be used for phishing, these tools give you instant, detailed results with clear recommendations for remediation.
Comprehensive email & DNS security report with health score
Comprehensive security scan: SSL, headers, HTTPS redirects, and open ports
Check DMARC policy and configuration for a domain
Validate SPF records and email authentication setup
Flatten SPF records to direct IPs and reduce DNS lookups
Validate DKIM records and email signing configuration
Verify BIMI brand logo configuration and VMC certificate
Verify MTA-STS email TLS enforcement, policy file, and TLSRPT configuration
Verify DANE TLSA records for DNS-based certificate authentication
Check which Certificate Authorities can issue SSL certificates for a domain
Verify SSL/TLS certificate details and expiration
Check if your domain or IP is on email blacklists
Analyze HTTP response headers and security header configuration
Trace the full HTTP redirect chain for any URL with status codes and timing
Check open SMTP, IMAP, POP3, and web ports on any domain
Test which TLS protocol versions (1.0, 1.1, 1.2, 1.3) a server supports
Generate DMARC TXT records with policy, reporting, and alignment settings
Create SPF TXT records with authorized senders, IPs, and lookup validation
Generate DKIM TXT records with selector, key type, and hash algorithm settings
Detect CMS, frameworks, analytics, CDN, and server software on any website
Discover active DKIM selectors by scanning 30+ common selector names
Verify the complete SSL/TLS certificate chain with expiration and algorithm checks
Analyze HTTP security headers with A-F grading for HSTS, CSP, X-Frame-Options, and more
Verify DNSSEC configuration, DNSKEY and DS records, and chain of trust validation
Scan supported SSL/TLS cipher suites and test for weak ciphers and forward secrecy
The email security landscape has changed dramatically. Google, Yahoo, and Microsoft now enforce strict authentication requirements for all senders, and domains without properly configured DMARC, SPF, and DKIM records face deliverability problems or outright message rejection. For businesses that rely on email for communication, sales, and customer support, these requirements are not optional — they are the baseline for maintaining a functional email system.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is the cornerstone of modern email security. It tells receiving mail servers how to handle messages that fail SPF or DKIM authentication — either allow them through, quarantine them to spam, or reject them entirely. A DMARC policy of "p=none" provides monitoring only, while "p=quarantine" and "p=reject" offer increasing levels of protection. The goal for every domain should be reaching a "p=reject" policy, which prevents unauthorized senders from delivering email using your domain name.
SSL/TLS certificates are equally critical. They encrypt the connection between a user's browser and your server, protect data in transit, and signal trustworthiness to both users and search engines. An expired or misconfigured certificate triggers browser warnings that drive visitors away and can break API integrations. Modern certificates typically last 90 days (for Let's Encrypt) to one year, making regular monitoring essential to avoid unexpected outages.
SPF records define which IP addresses and servers are authorized to send email for your domain. A common mistake is exceeding the 10-DNS-lookup limit, which causes SPF validation to fail silently. Our SPF Checker analyzes your record, counts lookups, and flags any issues that could cause authentication failures. Combined with DMARC reporting, these tools give you complete visibility into your email authentication infrastructure.
Start with "p=none" to monitor your email authentication without affecting delivery. Once you have confirmed that all legitimate email sources pass SPF and DKIM checks, move to "p=quarantine" and eventually "p=reject" for maximum protection against spoofing. The transition typically takes 2-4 weeks of monitoring.
When an SSL certificate expires, browsers display a prominent security warning that prevents most visitors from accessing your site. Additionally, API connections may fail, email servers may refuse TLS connections, and search engines may de-index your pages. Use our SSL Checker to monitor certificate expiration dates and avoid unexpected outages.
SPF records can include up to 10 DNS lookups (include, a, mx, redirect, exists mechanisms). Exceeding this limit causes SPF validation to return a "permerror" result, meaning your authentication effectively fails. This is a common issue for organizations using multiple email services. Our SPF Checker counts your lookups and warns you if you are approaching or exceeding the limit.
Without proper SPF, DKIM, and DMARC records, anyone can forge the "From" address in an email to appear as if it came from your domain. This is called email spoofing and is a primary technique used in phishing attacks. Implementing a DMARC policy of "p=reject" instructs receiving servers to reject unauthorized emails, effectively preventing spoofing of your domain.