How it works

What we check

Check	What it tells you
DNS (A/AAAA)	Does your domain resolve? Do you support IPv6?
Nameservers	Are your NS records healthy and redundant?
MX records	Where does your email go? Do you have backup servers?
SPF	Which servers are allowed to send email as you?
DKIM	Can recipients verify your emails haven't been tampered with?
DMARC	What should happen when someone fakes an email from you?
SSL	Is your certificate valid and not expiring soon?
Security headers	Is your site protected against common attacks?

How we check it

Every check is a public DNS query — the same data anyone can see by running dig in a terminal. We use Cloudflare's DNS-over-HTTPS API. Nothing proprietary, nothing hidden.

Why this matters

• Google and Yahoo now require SPF, DKIM, and DMARC for bulk senders
• Without these, your emails land in spam or get rejected entirely
• Email spoofing (someone sending emails pretending to be you) is trivially easy without DMARC
• These are one-time DNS record additions that protect you forever

What we don't do

• We don't store your results (unless you create a shareable link)
• We don't track you (no analytics, no cookies)
• We don't send any emails to/from your domain
• All checks are read-only DNS queries

Fix it yourself — provider guides

• Google Workspace — SPF/DKIM/DMARC setup
• Microsoft 365 — email authentication
• Cloudflare — email security DNS records
• GoDaddy — adding TXT records
• Namecheap — SPF/DKIM/DMARC records