Outbound Email Security Scan
Check your domain’s email authentication — no email required
Enter your domain to scan SPF, DKIM, DMARC, DANE, MTA-STS, and more.
How It Works
1️⃣
Enter Domain
Type your domain name
2️⃣
DNS-Only Scan
We check 10 DNS records — no email needed
3️⃣
Scored Report
Get a 0-10 score with fix commands and explanations
What You Get
7.6
Good
- 🎯 Security score (0-10) with category breakdown
- 🔧 Actionable fix commands using your actual DNS records
- 💡 Plain-language explanations of each finding
- 🔗 Links to free tools that fix common issues
What we check
SPF
Validates your SPF record structure, checks the 10-lookup limit, and identifies overly broad IP authorizations
DKIM
Discovers DKIM selectors, verifies key strength (2048-bit minimum), and checks for revoked keys
DMARC
Analyzes enforcement policy (none/quarantine/reject), subdomain coverage, and aggregate reporting configuration
DANE/TLSA
Verifies TLSA records match your mail server certificates — prevents man-in-the-middle attacks
MTA-STS
Checks that your MTA-STS policy is published, enforcing, and covers all MX hosts
MX Takeover
Detects MX records pointing to unresolvable or shared-hosting domains that could be hijacked
TLS-RPT
TLS failure reporting — are you getting notified when delivery encryption fails?
DNS Hijack
DNSSEC validation, NS diversity, wildcard detection
Subdomain Mail
Discovers subdomains accepting mail that may be unmonitored