What gets checked
A traffic-light report across every layer that has to work for your site to load and your mail to be trusted — modelled on the classic comprehensive DNS report, brought up to date with modern email-security standards.
Domain
- Domain registration & expiryRegistrar, lock status and how long until the domain expires.
DNS
- Parent delegation & glueHow the TLD points the world at your nameservers.
- NameserversAre your nameservers plural, diverse, healthy and in agreement?
- SOA recordThe zone’s "start of authority" timers and serial.
- DNSSECIs your DNS cryptographically signed and validating?
Web
- Website addresses (A / AAAA)The IPv4 / IPv6 addresses your domain points to.
- Website reachabilityDoes the site load over HTTP and redirect to HTTPS?
- Website TLS certificateIs the HTTPS certificate valid, trusted and current?
- CAA recordsWhich certificate authorities may issue certs for you.
- Mail routing (MX)Where inbound email for the domain is delivered.
- Mail server connectivityDo your mail servers answer, greet and offer encryption?
- SPF – sender authorizationWhich servers are allowed to send mail as your domain.
- DKIM – signing keysPublished public keys that prove your mail is genuine.
- DMARC – policy & reportingYour published policy for handling forged mail.
- Mail transport securityMTA-STS, TLS-RPT and DANE for encrypted mail delivery.
Reputation
- IP blacklists (DNSBL)Are your web / mail IPs on common block lists?