Comprehensive, free email security tools and DNS security checkers to analyse and harden your domain. Each tool provides instant results with actionable recommendations graded from A+ to F.
Validate your SPF (Sender Policy Framework) record to ensure only authorised mail servers can send email on behalf of your domain. Detect misconfigurations, too-many-lookups errors, and syntax issues.
Check nowAnalyse your DMARC (Domain-based Message Authentication, Reporting & Conformance) policy. Check enforcement levels, reporting addresses, and alignment modes to stop email spoofing.
Check nowVerify your DKIM (DomainKeys Identified Mail) DNS records and cryptographic signatures. Ensure email integrity and confirm messages haven't been tampered with in transit.
Check nowInspect your SSL/TLS certificate chain, expiration dates, protocol versions, and cipher suites. Catch expired certificates and weak configurations before they cause outages.
Check nowAudit your HTTP security headers including Content-Security-Policy, HSTS, X-Frame-Options, and more. Protect your site against XSS, clickjacking, and data injection attacks.
Check nowValidate the syntax of your SPF record against the RFC 7208 specification. Detect typos, malformed mechanisms, duplicate directives, and other syntax errors that break email authentication.
Check nowLook up and validate your DKIM DNS records by selector. Check key type, key size, test mode status, and provider identification for Google Workspace, Microsoft 365, Amazon SES, and more.
Check nowCheck whether your domain has DNSSEC (DNS Security Extensions) properly configured. Verify the chain of trust from root to your domain and detect signature issues.
Check nowRun all six checks at once with our comprehensive domain security scanner. Get a unified security grade and a prioritised list of improvements.
Run Full Domain ScanDomain security is a multi-layered challenge. Email authentication protocols like SPF, DMARC, and DKIM work together to prevent phishing and spoofing attacks that impersonate your brand. Meanwhile, SSL/TLS certificates encrypt data in transit, security headers protect your web application from common exploits, and DNSSEC ensures your DNS records haven't been tampered with.
Misconfiguring even one of these layers can leave your domain vulnerable. An overly permissive SPF record, a DMARC policy set to "none", or an expired SSL certificate can each create attack vectors that bad actors exploit daily. Our free domain security tools let you quickly identify and fix these gaps before they become incidents.
Each tool above checks a specific aspect of your domain's security posture and returns an easy-to-understand grade from A+ (excellent) to F (critical issues). Use them individually for targeted checks or run a full domain scan to get the complete picture.