Mail-server and email-authentication assessment — SPF, DKIM, DMARC, transport security, and the spoofing and relay weaknesses that enable phishing and business email compromise.
Enumerate MX records, mail servers, and published email-authentication policy for the domain.
Identify mail services and supported protocols (SMTP, IMAP, POP3) and their transport-security configuration.
Test for open relay, user enumeration, weak or missing authentication policy, and misconfigured SPF/DKIM/DMARC that permit spoofing.
Where authorized, demonstrate spoofing and deliverability gaps that enable phishing — with credential brute-force only against accounts you authorize.
Findings prioritised by impact with concrete DNS/server remediation to close spoofing and relay exposure.
Every finding is tagged against the frameworks your compliance team actually uses.
Every active test requires either attested ownership of the target during signup or an explicit written authorization on file. We log every test request against this authorization so there's never any ambiguity about scope — we are bound by the same Computer Misuse legislation our customers are.
Run your first scan in minutes. No credit card required for the free tier.