🛡️SecOSS
+ Scan
🛡️SecOSS

No account needed

Data stays in your browser

Email Security & DNS Misconfiguration Scanner

Check SPF, DMARC, DKIM, MX and MTA-STS for any domain — instant DNS audit

Email spoofing attacks exploit missing or misconfigured SPF, DMARC, and DKIM records. SecOSS queries DNS directly to audit your domain's email security posture — no login or API key required. Get an A–F grade with actionable fixes for every misconfiguration found, including DMARC policy enforcement level, SPF alignment, DKIM key detection across common selectors, MTA-STS enforcement, and BIMI brand indicator status.

How to use

  1. 1Enter any domain name (e.g. example.com). SecOSS queries DNS directly — no email access or account needed.
  2. 2SPF, DMARC, and MX records are checked instantly. DKIM is probed across 25+ common selectors.
  3. 3Each check is rated pass, warn, or fail with a score impact. The domain receives an overall grade A–F.
  4. 4Use the recommendations shown for each failing check to fix misconfigurations in your DNS provider.

Enter any domain name. SecOSS queries DNS directly to check your email security configuration — no login or API key required.

Try:

What we check

  • SPF — authorised sending servers
  • DMARC — policy & reporting
  • DKIM — public key detection
  • MX — mail server configuration
  • MTA-STS — TLS enforcement
  • BIMI — brand indicator