Built by specialists,
given away for free.
Diagnostic tools we use ourselves, made public so anyone running a mail server, DNS zone or production environment can check the same things we'd check on day one of a new engagement. All run in your browser — nothing sent to our servers, nothing logged.
Website security scanner (30+ checks)
Full passive security scan in one shot: email auth (SPF, DKIM, DMARC), domain records (DNSSEC, CAA, MTA-STS), HTTP headers (CSP, HSTS, CORP, COOP, COEP), TLS certificate, WAF/CDN detection, AI bot protection, privacy policy check, 45 sensitive path probes, and more. Letter grade + per-check findings.
Email auth checker (SPF / DKIM / DMARC)
Check any domain's SPF, DKIM and DMARC configuration in five seconds. Probes 19 common DKIM selectors, flags policy issues, and identifies the email provider.
Mail server blacklist checker (RBL / DNSBL)
Check any IP or domain against 14 popular mail blacklists in parallel — Spamhaus, SpamCop, Barracuda, SORBS, UCEPROTECT and more. Listed results include direct delisting links.
MX lookup with provider detection
Find where mail to any domain actually lands. MX records sorted by priority, with provider detection for Google, M365, ProtonMail, SES, Proofpoint, Mimecast and more.
DNS lookup (A, AAAA, MX, TXT, NS, CAA, DS…)
Like dig, in your browser. Query nine record types in parallel for any domain, with TTLs and clean tabular output. Useful for everything DNS-adjacent.
Domain security records (DNSSEC, CAA, MTA-STS, TLS-RPT, BIMI)
Beyond SPF/DKIM/DMARC. Validates the modern domain-security signals receivers and certificate authorities check before trusting your mail and your TLS certs. Pure DNS, no setup.
HTTP security headers grader
Grade any URL on Content-Security-Policy, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, cookie flags and HTTPS redirect chain. Single-letter grade plus per-header detail.
Mail Shield — managed email security
Same engineering as the tools above, productised. Australian-hosted email security gateway: inbound + outbound filtering, phish/malware/ impersonation defence, with specialist support on the line. From AUD $25 / user / month.
Why these exist
Mail diagnostics shouldn't cost $50/month. There are excellent paid services that bundle 10× more checks behind a paywall — but if all you want is "is this domain's DMARC set up correctly" or "is my mail IP on Spamhaus right now", that's a 30-second answer and we don't think it should be gated.
We use these tools ourselves. The blacklist checker runs against our own outbound mail IPs every morning. The MX lookup gets opened on day one of every new client engagement. Open-sourcing them costs us nothing and saves you a signup.
Privacy
Every tool here runs entirely in your browser. Lookups go directly to Cloudflare's public DNS-over-HTTPS endpoint — they don't touch our servers. We don't run analytics on these pages. We don't log IPs, queries, or anything else. The only record of what you checked is in your own browser's network tab.
Need a specialist?
If a check flagged something you'd rather have diagnosed properly — the messy edge cases the tools can't see — we do this every day. Mail authentication, deliverability, blacklist incident response, DNS migrations, you name it.