The Security Checker is a domain-level audit tool that evaluates the security posture of a website and its email infrastructure. It combines checks for email authentication, TLS/HTTPS configuration, and DNS-based transport security into a single, browser-based assessment.

Purpose and Use Cases
The tool is designed to answer how well a domain is protected against spoofing, interception, and misconfiguration across both web and mail channels. Typical use cases include pre‑launch security reviews, periodic audits of production domains, validation after DNS or certificate changes, and hardening initiatives driven by security or compliance requirements.

It helps surface missing security mechanisms and weak policies so teams can prioritize improvements that reduce risk and strengthen trust in their domain.

Users enter the primary domain to audit (without protocol) and can optionally provide a DKIM selector for more targeted checks. If no selector is provided, the tool attempts auto‑detection using common selector names such as default, google, selector1, mail, s1, and s2.

After running the security check, results are grouped by category, making it easy to understand which areas (email, TLS, DNS security) require attention.

Email Authentication Coverage
The Security Checker inspects core email authentication standards, including SPF, DKIM, DMARC, and BIMI. It evaluates the presence and configuration of these records and highlights recommended policy levels and selector usage to achieve stronger protection against spoofing and phishing.

This provides a concise view of whether outbound email from the domain can be reliably authenticated by receiving servers.

SSL/TLS and HSTS Validation
For web transport security, the tool validates the domain’s SSL/TLS certificate issuer, expiry window, and HTTP Strict Transport Security (HSTS) status. These checks help identify risks related to expired or mis‑issued certificates and downgrade or man‑in‑the‑middle attack surfaces when HSTS is not properly configured.

DNS and Transport Security
The Security Checker also looks for modern DNS and transport security mechanisms such as DNSSEC, CAA, MTA‑STS, and TLS‑RPT. It flags their presence or absence and offers improvement suggestions to strengthen email transport confidentiality and integrity.

By combining these DNS‑level protections with authentication and TLS checks, the tool supports a holistic view of domain security.

Modified at 2026-02-07 14:20:55
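
The SPF, DKIM and DMARC checks and the DKIM selector auto-detection described under Purpose and Use Cases and Email Authentication Coverage can be sketched offline as follows. This is an added example, not the Security Checker's own code: the function names, the status labels, the injected `lookup` resolver and the `ZONE` records are assumptions constructed for illustration.

```python
# Added example: offline sketch of SPF / DKIM / DMARC checks (not the tool's code).
COMMON_SELECTORS = ["default", "google", "selector1", "mail", "s1", "s2"]  # list from the page

def parse_tags(record):
    """Split a 'k=v; k=v' TXT record (DKIM/DMARC syntax) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def find_dkim(domain, lookup, selector=None):
    """Try the given selector, else the common ones; return (selector, status)."""
    for sel in ([selector] if selector else COMMON_SELECTORS):
        for txt in lookup(f"{sel}._domainkey.{domain}"):
            tags = parse_tags(txt)
            if "p" in tags:
                # An empty p= tag means the key has been revoked (RFC 6376).
                return sel, ("ok" if tags["p"] else "revoked")
    return None, "missing"

def check_spf(domain, lookup):
    """Classify the SPF record by the qualifier on its 'all' mechanism."""
    records = [t for t in lookup(domain) if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "missing"
    if len(records) > 1:
        return "invalid: multiple SPF records"  # permerror under RFC 7208
    alls = [t for t in records[0].lower().split() if t.lstrip("+-~?") == "all"]
    if not alls:
        return "no all mechanism"
    return {"-": "hardfail", "~": "softfail", "?": "neutral"}.get(alls[-1][0], "pass-all")

def check_dmarc(domain, lookup):
    """Return the published DMARC policy (none / quarantine / reject)."""
    for txt in lookup(f"_dmarc.{domain}"):
        tags = parse_tags(txt)
        if tags.get("v", "").upper() == "DMARC1":
            return tags.get("p", "").lower() or "invalid: no p= tag"
    return "missing"

def audit(domain, lookup, selector=None):
    return {"spf": check_spf(domain, lookup), "dmarc": check_dmarc(domain, lookup),
            "dkim": find_dkim(domain, lookup, selector)}

ZONE = {  # constructed sample TXT records, standing in for live DNS
    "example.com": ["v=spf1 include:_spf.example.net ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "selector1._domainkey.example.com": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A"],
    "s1._domainkey.example.com": ["v=DKIM1; p="],
}
def sample_lookup(name):
    return ZONE.get(name, [])
```

Calling `audit("example.com", sample_lookup)` reports a soft-fail SPF record, a monitoring-only DMARC policy and a DKIM key found under `selector1`; to run it against real DNS, replace `sample_lookup` with a function that returns the TXT strings for a name.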