DNS Tool

Executive's DNS Intelligence Brief

Generated 18 Feb 2026, 06:15 UTC
Duration 13.0s
Version v26.19.45
Integrity af1e53cfa20f52d2d432aa21ac65746be2b29511365c4f1f420efc98a609f2e1a1dfedf91dd75c6f8e135f783ac3d63438d9ef8d239362c41e34f54c9462062d

TLP:AMBER

Limited disclosure — recipients may share within their organization only

Subject Domain

poop.com

Executive's DNS Intelligence Brief

Board-level domain security assessment — poop.com

18 Feb 2026, 06:15 UTC · 13.0s · SHA-3-512: af1e✱✱✱✱ Verify

Engineer

DNS Security & Trust Posture

Risk Level: Medium Risk

3 protocols configured, 6 not configured

1 recommendation

Email Spoofing

Vulnerable

Brand Impersonation

Not Set Up

DNS Tampering

Unsigned

Certificate Control

Open

What Requires Attention

Recommended Enable DMARC aggregate reporting (rua) for authentication visibility

The BIG Questions

Can this domain be impersonated by email? Uncertain incomplete configuration

Can DNS itself be tampered with? Possible DNSSEC is not deployed, DNS responses are not cryptographically verified

Can this brand be convincingly faked? Partially DMARC policy is not set to reject — partial protection only

Is mail transport encryption enforced? No No MTA-STS or DANE — mail transport encryption is opportunistic only

Is certificate issuance controlled? No No CAA records — any certificate authority may issue certificates for this domain

Does this domain publish AI agent instructions? No No llms.txt file detected — AI models have no structured instructions for this domain

Is AI crawling of our content controlled? No No robots.txt found — AI crawlers have unrestricted access

Has someone manipulated AI recommendations about us? No No indicators of AI recommendation manipulation found

Are there hidden AI prompts on our site? No No hidden prompt artifacts found in page source

Domain Overview

Registrar GoDaddy.com, LLC

Email Provider Unknown

Web Hosting Unknown

DNS Hosting Unknown

Technical Findings

Email Authentication

Can this domain be impersonated by email? Uncertain — incomplete configuration

SPF (Sender Policy) Partial

DMARC (Policy) Partial

DKIM (Signatures) Not Detected

Mail Posture Moderately Protected

Mail Transport Security

Is mail transport encryption enforced? No — No MTA-STS or DANE — mail transport encryption is opportunistic only

MTA-STS Partial

DANE / TLSA Hosted Provider No MX records available — DANE check skipped

TLS-RPT (Reporting) Not Configured

Mail Transport Not Enforced Policy-assessed

DNS Security

Can DNS itself be tampered with? Possible — DNSSEC is not deployed, DNS responses are not cryptographically verified

DNSSEC Partial

DNSSEC not configured - DNS responses are unsigned

NS Delegation Healthy

Brand & Certificate Controls

Can this brand be convincingly faked? Partially — DMARC policy is not set to reject — partial protection only

Is certificate issuance controlled? No — No CAA records — any certificate authority may issue certificates for this domain

BIMI (Brand Logo) Not Configured

CAA (Certificate) Open Any certificate authority may issue certificates

AI Surface Scanner Scanned

Does this domain publish AI agent instructions? No — No llms.txt file detected — AI models have no structured instructions for this domain

Is AI crawling of our content controlled? No — No robots.txt found — AI crawlers have unrestricted access

Has someone manipulated AI recommendations about us? No — No indicators of AI recommendation manipulation found

Are there hidden AI prompts on our site? No — No hidden prompt artifacts found in page source

LLM Context File Not Found No llms.txt file detected

AI Crawler Governance No robots.txt

Poisoning Indicators None Found No AI recommendation poisoning indicators detected

Hidden Prompt Artifacts None Found No hidden prompt artifacts detected

Public Exposure Clear No secrets detected in publicly accessible source

Priority Actions 4 total Achievable: Low Risk

High Add DMARC Reject for No-Mail Domain

This domain has no MX records and appears to be a website-only domain. A DMARC reject policy tells receiving mail servers to reject any email claiming to be from your domain.

High Lock Down SPF for No-Mail Domain

This domain has no MX records and appears to be a website-only domain. Publishing a strict SPF record explicitly declares that no servers are authorized to send email, preventing attackers from spoofing your domain.

Medium Enable DNSSEC

DNSSEC is not enabled for this domain. DNSSEC provides cryptographic authentication of DNS responses, preventing cache poisoning and DNS spoofing attacks.

Low Add CAA Records

CAA records specify which Certificate Authorities may issue certificates for your domain, reducing the risk of unauthorized certificate issuance.

Appendix — Additional Resources

Full technical details including raw DNS records, DKIM public keys, IP/ASN mappings, resolver consensus evidence, and verification commands are available in the Engineer's DNS Intelligence Report.

View Engineer's DNS Intelligence Report

Verify Report Integrity SHA-3-512 Has this report been tampered with? Verify below

Tamper-evident fingerprint binding this analysis to its data, domain, timestamp, and tool version.

af1e53cfa20f52d2d432aa21ac65746be2b29511365c4f1f420efc98a609f2e1a1dfedf91dd75c6f8e135f783ac3d63438d9ef8d239362c41e34f54c9462062d

12 RFCs evaluated · DNS state at 18 Feb 2026, 06:15 UTC

Rules of Engagement

What You May Do

What You May Not Do

Executive's DNS Intelligence Brief

Intelligence Dissemination

What Requires Attention

The BIG Questions

Domain Overview

Technical Findings

Email Authentication

Mail Transport Security

DNS Security

Brand & Certificate Controls

AI Surface Scanner Scanned

Priority Actions 4 total Achievable: Low Risk

Appendix — Additional Resources

Verify Report Integrity SHA-3-512 Has this report been tampered with? Verify below