Skip to main content
DNS Tool
Engineer's DNS Intelligence Report
Generated 14 Apr 2026, 14:06 UTC
Duration 10.8s
Version v26.44.17
Integrity 41c134b8e78e8e13a3130c0a0f8d495cba90fd82c4c411f75224138b9ff1907101a12ad9667285c30e3cf3d11b58c656033b8403bb55d3332e770da7657ec765
Subject Domain
google.com

Engineer's DNS Intelligence Report

google.com
14 Apr 2026, 14:06 UTC · 10.8s ·v26.44.17 · SHA-3-512: 41c1✱✱✱✱ Verify ·Archived ·Cross-Referenced
Executive Topology
Recon Mode Snapshot Re-analyze New Domain
DNS Security & Trust Posture Risk Level: Low Risk
Confidence: MODERATE · 65/100
6 protocols configured, 2 not configured, 1 unavailable on provider Why we go beyond letter grades
What’s Wrong DKIM signing inferred from provider — could not directly verify selector
Jump To: BIMI DNSSEC
Email Spoofing
Protected
Brand Impersonation
Not Setup
DNS Tampering
Unsigned
Certificate Control
Configured
Monitoring
DKIM signing inferred from provider — could not directly verify selector
Configured
SPF, DMARC (reject), DKIM (inferred via Google Workspace), MTA-STS, TLS-RPT, CAA
Not Configured
BIMI, DNSSEC
Unavailable on Provider
DANE
Priority Actions Achievable posture: Secure
Medium Enable DNSSEC

DNSSEC is not enabled for this domain. DNSSEC provides cryptographic authentication of DNS responses, preventing cache poisoning and DNS spoofing attacks.

RFC 4035
Low Add BIMI Record

Your domain has DMARC reject — you qualify for BIMI, which displays your brand logo in receiving email clients that support it (Gmail, Apple Mail, Yahoo).

BIMI displays your verified brand logo next to your emails in supporting mail clients.
TypeTXT
Hostdefault._bimi.google.com (BIMI default record)
Valuev=BIMI1; l=https://google.com/brand/logo.svg
RFC 9495
Open Remediation Workspace — Copy-Paste Ready Records
Registrar (RDAP) OBSERVED LIVE
MarkMonitor Inc.
Where domain was purchased
Email Service Provider INFERRED
Google Workspace
Strongly Protected
Web Hosting
Unknown
Where website is hosted
DNS Hosting OBSERVED
Google Cloud DNS
Where DNS records are edited
Footprint Google Workspace 6 SaaS Services
Email Security Methodology Can this domain be impersonated by email? No SPF and DMARC reject policy enforced

SPF Record RFC 7208 §4 Gold

Does this domain declare who may send email on its behalf? Yes