What is a domain scanner?
A domain scanner is a complete domain health diagnostic tool designed to help you identify all possible issues with your domain security infrastructure. With a simple click of the "Show Results" button, you can quickly check your SPF, DKIM, DMARC, and BIMI records to see how your domain is configured.
With the DMARC Domain Analyzer & Checker tool, you can:
- See the detailed results of your SPF record, detect possible issues, and get instructions on validating and verifying your SPF record.
- See the status of your DKIM record, detect possible issues with your DKIM selectors, and get instructions on validating and implementing the correct DKIM record for your domain.
- Check, look up, and detect your DMARC record’s status and possible issues, and get instructions on validating and implementing the correct DMARC record.
- See the detailed results of your BIMI record, detect possible issues, and get instructions on validating and verifying your BIMI record.
EasyDMARC’s Domain Scanner tool acts as a domain health checker, allowing you to stay ahead of potential threats and protect your domain. It’s more than just a simple domain scanner. It provides a detailed analysis of your domain (Domain Test), helping you identify any potential issues that may affect the security of your online presence.
What does the “Empty Record” mean?
If one of your domain’s records, such as SPF, DKIM, DMARC, or BIMI, is shown as an “Empty Record,” it means you don’t have this record type implemented in your DNS. To fix the problem, you must generate and configure the missing record.
Here’s what you need to do for each email authentication record that’s missing from your DNS:
For SPF records:
- Evaluate your DMARC reports
Check your DMARC reports to understand how your emails are being handled by email servers. - Identify your SPF results
Determine whether or not you need to add an SPF record and what changes you need to make to it by checking your reports for SPF results. - Adjust your SPF record using an SPF generator
Use our EasyDMARC SPF Generator tool to create an SPF record that includes all necessary information, such as the IP addresses of your mail servers and any third-party services you use to send emails. - Analyze DMARC reports to ensure everything is working
After adding an SPF record, monitor your email deliverability, analyze your DMARC reports to ensure all your emails are being authenticated correctly, and take corrective action if you notice any problems.
For DKIM records:
- Generate a DKIM key pair
Generate a DKIM key pair using your email server or EasyDMARC’s DKIM Key Generator tool. If you use a third-party email service, the key should be generated from the third-party portal. - Publish the public key in your DNS
Publish the public key in your DNS as a TXT record for the domain that will be signing the emails. - Configure your mail server to sign emails
If you have a dedicated server, configure your email server to use the private key to sign outgoing emails. If you use a third-party email service, activate DKIM signing through the service provider's portal. - Monitor DKIM signatures
Monitor your DKIM signatures by evaluating the DMARC reports to ensure that your emails are being authenticated correctly.
For DMARC records:
- Add DMARC in the monitoring stage
Add a DMARC record with a policy of "none" using our EasyDMARC DMARC Generator tool to start monitoring email traffic and identifying legitimate and illegitimate sources. - Evaluate DMARC reports and identify sources
Review DMARC reports to identify sources of legitimate and illegitimate email traffic and take corrective action to improve email authentication practices. - Authenticate all legitimate sources
Authenticate all legitimate sources of email traffic by implementing SPF and DKIM, and ensure that all emails are properly authenticated. - Enforce the DMARC policy
Gradually enforce a DMARC policy of "reject" to block illegitimate email flow and protect your domain from email spoofing and phishing attacks.
For BIMI records:
- Enforce your DMARC policy
Ensure that your DMARC policy is set to "reject" or "quarantine" to enforce email authentication and prevent fraudulent use of your domain. - Prepare a BIMI-compatible logo
Use EasyDMARC’s BIMI Converter tool to prepare a BIMI-compatible SVG logo that meets the necessary specifications. - Obtain VMC certificate
Obtain a Verified Mark Certificate (VMC) to ensure the legitimacy of your logo and enable email service providers (ESPs) to display your company logo in the emails that they deliver.
How to improve domain security and trust?
In addition to registering your domain with a reputable registrar that supports excellent security measures, you should pay attention to email infrastructure protection if you want an improved domain reputation. EasyDMARC’s Domain Scanner is a diagnostic tool that allows you to start your journey to better domain security.
Depending on the DMARC testing results, you’ll have to go through email authentication protocols and configure each properly.
To make the journey easier, we recommend that you sign up with EasyDMARC, and our all-in-one email authentication platform will guide you through the process. You’ll get detailed reports of SPF, DKIM, and DMARC failures and be able to identify and fix deployment issues. With EasyDMARC, you can improve your email deliverability, prevent email phishing attacks, and increase the trustworthiness of your emails.