Skip to main content
DNS Tool
Executive's DNS Intelligence Brief
Generated 4 Apr 2026, 14:30 UTC
Duration 14.0s
Version v26.41.04
Integrity 2054eb4b4cd536244a485b51c32233b24e462ead882ec8e3ff293063175499e99b68bebbb59ea328bf096ee1ba1cd8ab560a436a241b7c0e99814ff480796f18
Subject Domain
reconfirm.com

Executive's DNS Intelligence Brief

Board-level domain security assessment — reconfirm.com

4 Apr 2026, 14:30 UTC · 14.0s · SHA-3-512: 2054✱✱✱✱ Verify ·Archived
Engineer
DNS Security & Trust Posture
Risk Level: Low Risk
6 protocols configured, 2 not configured, 1 unavailable on provider
Analysis Confidence
MODERATE
Resolver agreement is inconsistent for some protocols, limiting confidence. Data currency and system maturity are adequate.
Email Spoofing
Protected
Brand Impersonation
Not Set Up
DNS Tampering
Protected
Certificate Control
Open
What Requires Attention
No urgent actions detected. Domain security posture is well-maintained.
The BIG Questions
Can this domain be impersonated by email? No SPF and DMARC reject policy enforced
Can DNS itself be tampered with? No DNSSEC signed and validated, cryptographic chain of trust verified
Can this brand be convincingly faked? Possible DMARC reject policy blocks email spoofing (RFC 7489 §6.3), but no BIMI brand verification and no CAA certificate restriction (RFC 8659) — visual impersonation via lookalike domains and unrestricted certificate issuance remain open vectors
Is mail transport encryption enforced? Yes MTA-STS enforces TLS for all inbound mail delivery
Is certificate issuance controlled? No No CAA records — any certificate authority may issue certificates for this domain
Does this domain publish AI agent instructions? Yes llms.txt and llms-full.txt published — AI models receive structured context about this domain
Is AI crawling of our content controlled? No robots.txt present but does not block AI crawlers — content may be freely scraped
Has someone manipulated AI recommendations about us? No No indicators of AI recommendation manipulation found
Are there hidden AI prompts on our site? No No hidden prompt artifacts found in page source
Domain Overview
Registrar Key-Systems GmbH
Email Provider Microsoft 365
Web Hosting Unknown
DNS Hosting Unknown

Technical Findings

Email Authentication
Can this domain be impersonated by email? No — SPF and DMARC reject policy enforced
SPF (Sender Policy) Configured
DMARC (Policy) Configured Policy: reject
DKIM (Signatures) Configured
Mail Posture Strongly Protected
Mail Transport Security
Is mail transport encryption enforced? Yes — MTA-STS enforces TLS for all inbound mail delivery
MTA-STS Active Mode: enforce
DANE / TLSA Hosted Provider DANE not available — Microsoft 365 does not support inbound DANE/TLSA on its MX infrastructure
TLS-RPT (Reporting) Configured
Mail Transport Enforced Policy-assessed 2 probes
DNS Security
Can DNS itself be tampered with? No — DNSSEC signed and validated, cryptographic chain of trust verified
DNSSEC Signed & Validated
DNSSEC fully configured and validated — AD (Authenticated Data) flag set by resolver 8.8.8.8 confirming cryptographic chain of trust from root to zone (RFC 4035 §3.2.3)
NS Delegation Healthy
Delegation Consistency 1 Issue
NS Fleet Health Healthy Diversity: Fair
DNSSEC Operations 2 Issues 2 keys, 0 sigs
Brand & Certificate Controls
Can this brand be convincingly faked? Possible — DMARC reject policy blocks email spoofing (RFC 7489 §6.3), but no BIMI brand verification and no CAA certificate restriction (RFC 8659) — visual impersonation via lookalike domains and unrestricted certificate issuance remain open vectors
Is certificate issuance controlled? No — No CAA records — any certificate authority may issue certificates for this domain
BIMI (Brand Logo) Not Configured
CAA (Certificate) Open Any certificate authority may issue certificates
AI Surface Scanner Governance Active
Does this domain publish AI agent instructions? Yes — llms.txt and llms-full.txt published — AI models receive structured context about this domain
Is AI crawling of our content controlled? No — robots.txt present but does not block AI crawlers — content may be freely scraped
Has someone manipulated AI recommendations about us? No — No indicators of AI recommendation manipulation found
Are there hidden AI prompts on our site? No — No hidden prompt artifacts found in page source
LLM Context File llms.txt Found Domain provides structured context for AI models Extended
AI Crawler Governance Not Blocking No AI crawler restrictions found in robots.txt
Poisoning Indicators None Found No AI recommendation poisoning indicators detected
Hidden Prompt Artifacts None Found No hidden prompt artifacts detected
Public Exposure Clear No secrets detected in publicly accessible source
Priority Actions 2 total Achievable: Secure
Low Add BIMI Record

Your domain has DMARC reject — you qualify for BIMI, which displays your brand logo in receiving email clients that support it (Gmail, Apple Mail, Yahoo).

Low Add CAA Records

CAA records specify which Certificate Authorities may issue certificates for your domain, reducing the risk of unauthorized certificate issuance.

Appendix — Additional Resources

Full technical details including raw DNS records, DKIM public keys, IP/ASN mappings, resolver consensus evidence, and verification commands are available in the Engineer's DNS Intelligence Report.

View Engineer's DNS Intelligence Report

Appendix — What AIs Are Being Told About This Organization What do AI systems see when they query this domain?

The following content is served to AI systems (ChatGPT, Gemini, Claude, Perplexity, and others) when they visit this domain. This is the organization's machine-readable narrative — it shapes how AI models describe, recommend, and represent this brand in conversations worldwide.

llms.txt (https://reconfirm.com/llms.txt)
# ReConfirm

> ReConfirm is the world's first External Attack Surface Management (EASM) platform, helping organizations discover, understand, and act on their external attack surface to defend against cyber threats.

ReConfirm EASM continuously maps and monitors an organization's internet-facing digital footprint — including domains, subdomains, IP addresses, cloud assets, email configurations, SSL/TLS certificates, and exposed services — to identify vulnerabilities before attackers do.

## Core Capabilities

- **Discover**: Automated discovery of all internet-facing assets, including shadow IT, forgotten subdomains, and third-party services
- **Understand**: Risk scoring, vulnerability assessment, and contextual analysis of discovered assets
- **Act**: Actionable remediation guidance, alerting, and integration with existing security workflows

## Key Features

- Vulnerability scanning and CVE detection
- Email security assessment (SPF, DKIM, DMARC)
- SSL/TLS certificate monitoring
- Similar domain detection (typosquatting, brand abuse)
- Credential leak monitoring
- Dangerous open port detection
- Security header analysis
- Subdomain enumeration and inactive subdomain detection
- Associated domain discovery
- Brand protection

## For Partners

ReConfirm offers a white-label partner program for MSPs, MSSPs, and distributors, providing recurring revenue opportunities with full platform customization.

## Certifications

- Cybersecurity Made in Europe (ECSO)
- EU-hosted infrastructure
- GDPR compliant

## Links

- [Product Overview](https://reconfirm.com/product)
- [How It Works](https://reconfirm.com/how-it-works)
- [Partner Program](https://reconfirm.com/for-partners)
- [Knowledge Base](https://reconfirm.com/resources/kb)
- [Blog](https://reconfirm.com/blog)
- [Free Scan](https://reconfirm.com/free-scan)
- [Contact](https://reconfirm.com/contact)
- [Company](https://reconfirm.com/company)

## Knowledge Base

### Getting Started
- [Introduction to ReConfirm EASM](https://reconfirm.com/resources/kb/getting-started/introduction)

### Understanding Scanning Results
- [Vulnerability Scanning](https://reconfirm.com/resources/kb/understanding-scanning-results/vulnerability-scanning)
- [Email Security](https://reconfirm.com/resources/kb/understanding-scanning-results/email-security)
- [Similar Domains](https://reconfirm.com/resources/kb/understanding-scanning-results/similar-domains)
- [Associated Domains](https://reconfirm.com/resources/kb/understanding-scanning-results/associated-domains)
- [Assets](https://reconfirm.com/resources/kb/understanding-scanning-results/assets)
- [Credential Leaks](https://reconfirm.com/resources/kb/understanding-scanning-results/credential-leaks)
- [Subdomains](https://reconfirm.com/resources/kb/understanding-scanning-results/subdomains)
- [Inactive Subdomains](https://reconfirm.com/resources/kb/understanding-scanning-results/inactive-subdomains)
- [SSL/TLS Information](https://reconfirm.com/resources/kb/understanding-scanning-results/ssl-tls-information)

### Platform Documentation
- [Introduction and Overview](https://reconfirm.com/resources/kb/platform-documentation/introduction-and-overview)
- [Getting Started & First Usage](https://reconfirm.com/resources/kb/platform-documentation/getting-started-first-usage)
- [Dashboard and User Interface](https://reconfirm.com/resources/kb/platform-documentation/dashboard-and-user-interface)
- [System Settings & Account Management](https://reconfirm.com/resources/kb/platform-documentation/system-settings-account-management)
- [Organizational View](https://reconfirm.com/resources/kb/platform-documentation/organizational-view)
- [Scanning and Monitoring](https://reconfirm.com/resources/kb/platform-documentation/scanning-and-monitoring)
- [Scan Results and Reporting](https://reconfirm.com/resources/kb/platform-documentation/scan-results-and-reporting)
- [Integrations, Best Practices & FAQ](https://reconfirm.com/resources/kb/platform-documentation/integrations-best-practices-faq)
- [Secure Software Development Lifecycle](https://reconfirm.com/resources/kb/platform-documentation/secure-software-development-lifecycle)

### Configuration
- [Scan Configuration](https://reconfirm.com/resources/kb/understanding-configuration/scan-configuration)
- [Scan Profiles](https://reconfirm.com/resources/kb/understanding-configuration/scan-profiles)

### Common Vulnerabilities
- [Security Headers Guide](https://reconfirm.com/resources/kb/security-headers/security-headers-guide)
- [List of Dangerous Open Ports](https://reconfirm.com/resources/kb/dangerous-open-ports/list-of-dangerous-open-ports)

### Integrations & Configuration
- [Webhook Implementation](https://reconfirm.com/resources/kb/api-webhook/webhook-implementation)
- [Custom Subdomain Sources Overview](https://reconfirm.com/resources/kb/custom-subdomain-sources/overview)
- [Azure DNS Setup](https://reconfirm.com/resources/kb/custom-subdomain-sources/azure-dns-setup)
- [Cloudflare DNS Setup](https://reconfirm.com/resources/kb/custom-subdomain-sources/cloudflare-dns-setup)
- [NS1 DNS Setup](https://reconfirm.com/resources/kb/custom-subdomain-sources/ns1-dns-setup)
- [TransIP DNS Setup](https://reconfirm.com/resources/kb/custom-subdomain-sources/transip-dns-setup)

## Blog

- [ReConfirm Announces Technology Alliance with ESET in the Netherlands](https://reconfirm.com/blog/reconfirm-technology-alliance-eset-netherlands)
- [ReConfirm Proudly Bearing the "Cybersecurity Made in Europe" Label](https://reconfirm.com/blog/cybersecurity-made-in-europe-label)
- [External Attack Surface Monitoring (EASM)](https://reconfirm.com/blog/external-attack-surface-monitoring-easm)
llms-full.txt (https://reconfirm.com/llms-full.txt)
# ReConfirm — Full Documentation

> ReConfirm is the world's first External Attack Surface Management (EASM) platform. This document provides comprehensive information for AI systems about ReConfirm's products, capabilities, and knowledge base.

## About ReConfirm

ReConfirm EASM continuously maps and monitors an organization's internet-facing digital footprint to identify vulnerabilities before attackers do. Founded in the EU, ReConfirm holds the "Cybersecurity Made in Europe" label from ECSO and operates entirely on EU-hosted infrastructure.

### Core Platform Phases

**1. Discover**
Automated, continuous discovery of all internet-facing assets including:
- Domains and subdomains (including inactive/dangling)
- IP addresses and cloud services
- Web applications and APIs
- Email configurations
- SSL/TLS certificates
- Shadow IT and forgotten infrastructure

**2. Understand**
Contextual risk analysis of discovered assets:
- Vulnerability scoring and prioritization
- CVE detection and mapping
- Security header analysis
- Email security assessment (SPF, DKIM, DMARC)
- Certificate expiration and misconfiguration detection
- Credential leak monitoring from dark web sources
- Similar domain detection (typosquatting, brand abuse)
- Open port risk assessment

**3. Act**
Actionable remediation and response:
- Prioritized remediation guidance
- Real-time alerting and notifications
- Webhook integrations for SIEM/SOAR
- Exportable reports for compliance
- API access for automation

### Additional Capabilities

- **Brand Protection**: Detect typosquatting domains, phishing sites, and brand impersonation
- **NIS2 Compliance**: Support organizations in meeting NIS2 directive requirements
- **Multi-tenant Management**: Organizational view for managing multiple entities
- **Custom Subdomain Sources**: Integration with Azure DNS, Cloudflare, NS1, TransIP for comprehensive subdomain enumeration

## Partner Program

ReConfirm's partner program is designed for MSPs, MSSPs, VARs, and distributors:
- Full white-label platform customization
- Recurring revenue model
- Partner enablement resources and training
- Multi-tenant dashboard for client management
- ESET Technology Alliance partner

## Technology Alliance

ReConfirm is a Technology Alliance partner of ESET in the Netherlands, enabling ESET partners to leverage ReConfirm's EASM capabilities for their customers.

## Certifications & Compliance

- **Cybersecurity Made in Europe** label (ECSO)
- **GDPR compliant** data processing
- **EU-hosted** infrastructure exclusively
- **Privacy-first** approach to data handling

## Contact & Demo

- Website: https://reconfirm.com
- Free Scan: https://reconfirm.com/free-scan
- Contact: https://reconfirm.com/contact
- Partner Inquiries: https://reconfirm.com/for-partners

## Frequently Asked Questions

**What is External Attack Surface Management (EASM)?**
EASM is the process of continuously discovering, analyzing, and monitoring an organization's internet-facing assets and vulnerabilities from an attacker's perspective, without requiring agents or internal network access.

**How does ReConfirm differ from vulnerability scanners?**
ReConfirm discovers assets you may not know about (shadow IT, forgotten subdomains) and assesses them from an external perspective, complementing internal vulnerability scanners.

**Is ReConfirm suitable for small businesses?**
Yes, through the partner program, MSPs and MSSPs can offer ReConfirm EASM to businesses of any size via managed security services.

**What integrations does ReConfirm support?**
ReConfirm supports webhook integrations for SIEM/SOAR platforms, API access, and custom DNS source integrations (Azure, Cloudflare, NS1, TransIP).
Why this matters: This content directly influences how AI models describe your organization, products, and services. Review it for accuracy, brand alignment, and competitive positioning. If no llms.txt exists, AI models rely on whatever they can scrape — with no editorial control.
Verify Report Integrity SHA-3-512 Has this report been tampered with? Verify below

Tamper-evident fingerprint binding this analysis to its data, domain, timestamp, and tool version.

2054eb4b4cd536244a485b51c32233b24e462ead882ec8e3ff293063175499e99b68bebbb59ea328bf096ee1ba1cd8ab560a436a241b7c0e99814ff480796f18
12 RFCs evaluated · DNS state at 4 Apr 2026, 14:30 UTC
Internet Archive — Permanent Record Wayback Machine

This analysis is permanently archived by the Internet Archive, providing independent third-party verification of DNS security posture at analysis time.

View Archived Snapshot