Free Domain Security Report Card

The domain security report card grades any business domain from A to F across three areas. It checks your email authentication, which covers SPF, DKIM, and DMARC, your advanced email protection, which covers DNSSEC, MTA-STS, and TLS reporting, and your website security, which covers HTTPS, your TLS certificate, and key security headers. It reads only public DNS and website records, so it never logs in or changes anything on your domain.

SPF, DKIM, and DMARC work together to stop criminals from sending email that looks like it came from your domain. SPF lists the servers allowed to send mail for your domain. DKIM adds a tamper-proof signature to each message so receivers can confirm it was not changed. DMARC ties the two together and tells receiving servers what to do when a message fails, which is the part that actually blocks spoofing.

Your DMARC policy decides what happens to email that fails authentication. A policy of none only monitors and takes no action, so spoofed mail still gets delivered. Quarantine sends failing mail to spam. Reject blocks it outright. Most small businesses sit at none without realizing it, which means the domain is still open to spoofing even though DMARC is technically present.

Yes. If your domain has no DMARC record, or a DMARC policy set to none, an attacker can send email that appears to come from your exact address. This is how invoice fraud and impersonation scams usually start. Moving your DMARC policy to quarantine or reject is what closes that door, and the report card shows you where your domain stands today.

DKIM keys are published under a selector name that is unique to each mail platform. The report card automatically checks the common selectors, including selector1 and selector2 for Microsoft 365 and google for Google Workspace. If none of those return a result, your mail platform may use a custom selector, or DKIM signing may not be turned on.

The grade is a single letter from A to F based on a weighted score across the three areas, with email authentication carrying the most weight because it has the largest impact on spoofing and deliverability. An A means the core protections are in place. A C or below means there are real gaps that leave the domain exposed. The report lists every check so you can see exactly what raised or lowered the grade.

Yes, it is completely safe. The report card only reads public DNS and website records, the same information any mail server already sees. It does not log in, request a password, or change anything on your domain or your email. You can run it as many times as you like.

Fixing these records means editing your DNS and your mail platform settings, then moving DMARC from none to quarantine and finally to reject once your legitimate senders are confirmed. The order matters, because tightening DMARC too early can block your own mail. Wolferdawg IT Consulting can audit your records and close every gap on this report, and you can book a review from this page.