DNS & SPF/DMARC Security Inspector
Zero-Trust Utilities
What is DNS & SPF/DMARC Security Inspector?
How it works
Features & Benefits
- Zero-Logging: DNS queries are performed browser-to-DoH-provider, avoiding third-party logging of scanned targets
- Email Spoofing Assessment: Instantly flags missing SPF, weak DMARC policies (p=none), or invalid MX records
- Raw DNS data: View resolved records (MX, TXT, A, AAAA, NS) in a clean, developer-friendly interface
- Educational: Explains SPF mechanisms and DMARC alignment rules in plain English
Frequently Asked Questions
How does DNS-over-HTTPS (DoH) preserve privacy?
By querying public DoH APIs directly from your browser, your query is mixed with trillions of other daily DNS resolutions. No middleman website logs your target domains.
Why is a missing DMARC policy dangerous?
Without a DMARC policy (or if the policy is set to p=none), servers receiving mail from your domain will not reject spoofed messages, even if they fail SPF or DKIM checks.
What SPF mechanisms are checked?
We analyze the catch-all mechanism (e.g., -all vs ~all vs +all) and warn you if it's set to +all or missing, which allows anyone to send mail on your behalf.
Related Tools
Scan for active subdomains entirely in your browser using secure DNS-over-HTTPS. Protect your investigation targets from logging.
Check your whole password vault against known breaches without uploading a single password. Uses HIBP k-anonymity for total privacy.
Popular Utilities
Format, validate, and minify JSON instantly in your browser. Your data never leaves your device.
Decode JWT tokens and inspect header and payload instantly in your browser. Your tokens never leave your device.
Count words, characters, sentences, and estimate reading time instantly in your browser. No sign-up required.