THE ATTACKER'S VIEW,
TOUCHING NOTHING.
What anyone on the Internet sees about your domain: email authentication, HTTP headers, TLS, exposed surface. No intrusion, no aggressive scanning — only public data, read and graded in seconds.
https://
SPF · DMARC · DKIM
HTTP headers
TLS / Certificate
CT logs
Passive scan — public data only. This tool reads information that is published and accessible to any browser or mail client. It performs no penetration test, no port scan, no enumeration. The result is an indicative snapshot and does not replace an audit or pentest. By running the scan, you confirm you are authorised to do so.
–
TURN THIS INTO AN ACTION PLAN
Get this report by email and talk to an expert: we prioritise the fixes, and look at what a deeper (active, mandated) assessment would reveal that this external view can't show.