Free Securafy Tool

Advanced Domain Security Scanner

Full email authentication audit with AI analysis, SPF depth check, subdomain coverage, MTA-STS, real blacklist queries, competitor comparison, and HubSpot automation — all in one tool.

10
Checks Performed
7
Live DNSBL Lists
18
Subdomains Checked
0
Third-Party APIs Needed
Domain Scan
domain://
SCANNING — Initializing...
DNS records — SPF, DMARC, DKIM, BIMI, MX
SPF lookup chain depth analysis
DKIM selector intelligence (platform-aware)
Subdomain SPF/DMARC coverage
MTA-STS policy check
MIME / S-MIME & mail provider
Blacklist — Spamhaus, SpamCop, Barracuda + 4 more
Scoring, grading & delta comparison
AI security analysis & remediation roadmap
Marketing email generation
HubSpot sync & automation
/ 10
🏅 Sample Report
AI Security Analysis & Remediation Roadmap
Waiting for scan...
Bulk Domain Scanner

Paste up to 100 domains, one per line. All results sync to HubSpot and export to CSV.

Scanning 0 / 0
Email Header Analyzer

Paste full email headers (from View Source / Show Original in your email client) to diagnose whether SPF, DKIM, and DMARC actually passed — not just whether records exist.

Rescan Schedule

Domains scheduled for automatic rescan. Scores are compared to previous results and delta is logged to HubSpot.

No domains scheduled yet. Enable "Auto-rescan" when running a scan.
HubSpot Workflow Setup

To trigger fully automatic rescans from HubSpot without running the tool manually:

1. Trigger: domain_next_rescan_date equals today
2. Webhook to: https://securafy.com/api/domain-scan
3. Payload: {"domain": "{{company.domain}}", "owner": "{{owner.email}}"}
4. Branch: if domain_security_score ≤ 7 → enroll in outreach sequence
5. Task: "Review rescan — {{company.domain}}" assigned to rep

Custom HubSpot properties needed:

domain_security_score · domain_security_grade · domain_security_delta · domain_last_scanned · domain_next_rescan_date · spf_status · dmarc_status · dkim_status · mta_sts_status · blacklist_status
White Label Configuration

Customize for co-branded use with referral partners or client portals. Settings apply to PDF reports and email templates.

Scan History
DomainScorePrevΔGradeSPFDMARCDKIMMTA-STSScannedHubSpot
No scans yet
Sample Report
See a full 6-page Securafy Advanced Domain Security Report — executive scorecard, detailed findings, business risk analysis, and AI remediation roadmap.
Download Sample Report →

Your Domain Score Is the Starting Point.
Securafy Fixes What's Broken.

Most businesses discover they have DMARC set to p=none — monitoring without protection — or no authentication at all. Securafy implements and maintains DMARC, SPF, DKIM, and BIMI as part of our managed security services. Prevention-First. Compliance-Ready. Serving businesses nationwide.

Get Free Email Security Help Take the Cyber Risk Assessment
Columbus & Cleveland, Ohio — Serving All 50 States

FREE · 30 MINUTES · NO SALES PITCH

See Exactly Where You're Exposed.
Before an Attacker Does.

Our free 47-point network and security assessment gives you a prioritised remediation report in plain language — no obligation, no upsell.

Book a Free Strategy Call → (330) 906-8888

Soteria Award — Most Trusted MSP in North America 2024  ·  30-Day Risk-Free Trial  ·  10-Minute Response Guarantee

Frequently Asked

About the Advanced Domain Scanner

What's the difference between the basic and advanced domain scan?
The basic scan checks email authentication (SPF, DKIM, DMARC) and reports configuration status. The advanced scan adds MTA-STS, TLS-RPT, BIMI, DNSSEC, blacklist presence across 60 or more RBLs, and historical DNS data — giving you the full deliverability and reputation picture.
What is MTA-STS and do I need it?
MTA-STS (Mail Transfer Agent Strict Transport Security) forces inbound mail to be delivered over encrypted TLS connections — preventing downgrade attacks and man-in-the-middle interception. If your business handles regulated data in healthcare, financial services, or legal, MTA-STS is effectively required to meet modern compliance standards. Most domains don't have it configured.
Why is my domain on a blacklist?
Domains land on blacklists when their IP or sending reputation has been associated with spam, phishing, or compromised mail servers. Common causes include a previously compromised account sending spam, shared hosting where another tenant misbehaved, missing or misconfigured SPF and DKIM, or buying a domain with poor history. Each blacklist has its own delisting process — Securafy can manage that.
How do I fix SPF, DKIM, and DMARC failures?
Fixing email authentication requires updating DNS records for your domain, then progressively tightening DMARC policy from "none" to "quarantine" to "reject" while monitoring legitimate mail flow. Done wrong, you bounce real email. Securafy provides email authentication setup and ongoing monitoring as part of our Email Security service.