Back to Tools

Domain Intelligence Analyzer

Get a free, instant report on your domain's security, deliverability, and infrastructure.

Enter a domain to generate its security profile.

Understanding Your Domain's Security Score

A domain's security is not a single setting, but a combination of public records that tell the world how to handle its email. Our Domain Intelligence Analyzer checks these critical components:

  • SPF (Sender Policy Framework): A DNS record that lists which IP addresses and services are authorized to send email on behalf of your domain.
  • DKIM (DomainKeys Identified Mail): A digital signature that proves an email has not been altered in transit and truly came from the sending domain.
  • DMARC (Domain-based Message Authentication, Reporting & Conformance): A policy that tells receiving servers what to do with emails that fail SPF or DKIM checks, protecting you from spoofing and providing valuable reports.

A high score means your domain is well-protected against phishing and spoofing, which boosts your brand's trust and improves email deliverability to providers like Google and Yahoo.

Frequently Asked Questions

What does a domain health analysis check?

A domain health analysis checks all the public-facing records that define your domain's security and email configuration. This includes critical email authentication records like SPF, DKIM, and DMARC, as well as MX records (mail servers), NS records (name servers), and general web hosting information.

Why is my domain's security score low?

A low security score typically indicates missing or misconfigured email authentication records. Common reasons include having no DMARC record, an overly permissive SPF record (e.g., using `+all`), exceeding the SPF lookup limit, or lacking a DKIM signature. Our analyzer provides actionable recommendations to help you improve your score.

How can I improve my domain's security score?

You can improve your score by implementing the recommendations provided by the analysis. Key steps include creating a valid SPF record, setting up DKIM for all your sending services, and deploying a DMARC record, starting with a `p=none` policy and gradually moving to `p=reject` for full protection.