DNS Security Analyzer
Check your SPF, DKIM, DMARC, DNSSEC, and CAA records instantly. Get an A-F grade with specific fix recommendations. No signup required.
What is DNS Security?
DNS security encompasses the protocols and records that protect your domain from email spoofing, phishing, DNS hijacking, and unauthorized certificate issuance. The three pillars of email authentication: SPF, DKIM, and DMARC work together to verify that emails sent from your domain are legitimate. Without these records, attackers can send emails that appear to come from your organization.
What Does This Tool Check?
- SPF (Sender Policy Framework): specifies which servers can send email for your domain
- DKIM (DomainKeys Identified Mail): cryptographic signature proving email authenticity
- DMARC: policy for handling emails that fail SPF/DKIM (none, quarantine, reject)
- DNSSEC: cryptographic validation preventing DNS spoofing attacks
- CAA Records: restricts which Certificate Authorities can issue SSL certificates
- MX & NS Records: mail server and nameserver configuration
Frequently Asked Questions
What is SPF and why does my domain need it?
SPF tells email receivers which servers are allowed to send email for your domain. Without it, anyone can forge emails appearing to come from you, a common phishing technique.
What DMARC policy should I use?
Start with p=none to monitor without blocking, then gradually move to p=quarantine and finally p=reject once you confirm legitimate email is passing authentication.
Is this tool free?
Yes, completely free with no signup required. For comprehensive vulnerability scanning including web application security, try a free CyberOrbit assessment.