Domain Checkup

Free audit of any domain's DNS, email and security configuration

Website Hosting

DNS / Network

WHOIS / RDAP

SSL Certificate

Platform / CMS

DNS Security

Mail Intelligence

Email Security

SPF

DMARC

DKIM

BIMI

MTA-STS

Email Client Config

Autodiscover (Exchange / M365)

Autoconfig (Thunderbird)

SRV records

Data from Cloudflare DNS & RIPE Stat

Why audit your domain’s DNS configuration?

A misconfigured domain translates into emails rejected as spam, a website that lags or goes down, and above all exposure to targeted phishing attacks (attackers look for domains with missing SPF/DKIM/DMARC to impersonate companies). Regular checks aren’t luxury — they’re what keeps a customer from receiving a fake email @your-domain.com and paying a fraudulent invoice.

Our tool covers the whole perimeter in a single request: base DNS, email security, DNSSEC, TLS certificate of the website, mail client configuration (Thunderbird, Microsoft). Data comes from public sources — Cloudflare DNS (DoH) for DNS queries and RIPE Stat for network information — no intrusive scan is launched against the target domain.

How to read the results?

Each card shows a status: green = correct, yellow = present but improvable (e.g. DMARC policy at p=none instead of p=quarantine), red = missing or broken. Red items are priorities — typically a missing DMARC, an expired TLS certificate, or an MX pointing to an unreachable server.

If your audit reveals configurations to harden and you don’t have the in-house team to deploy them, get in touch — that’s what we do.

Frequently asked questions

What are SPF, DKIM and DMARC, and why do they matter?
Three standards that, used together, prevent anyone from sending emails impersonating your domain (spoofing). SPF lists the servers allowed to send on behalf of your domain, DKIM cryptographically signs outgoing messages, DMARC tells receiving servers what to do when a message fails both. Without them, an attacker can send a fake email @yourdomain.com that lands in your customers’ inboxes.
Which channels are checked?
Base DNS (A, AAAA, NS, MX), email security (SPF, DKIM, DMARC, MTA-STS, BIMI), DNS security (DNSSEC, CAA), the website’s TLS certificate, Thunderbird autoconfig and Microsoft Autodiscover (two protocols mail clients use to find your servers automatically), and a simplified WHOIS. DNS queries go through Cloudflare (DoH) and network data through RIPE Stat.
Can I scan any domain?
Yes — every piece of data queried is public by design: a DNS record is visible to all of Internet. The tool just walks through it faster and more readably than 20 successive dig commands. No intrusive request is ever sent to the target domain (no port scan, no intrusion test).