Engineer's DNS Intelligence Report

cisa.gov
20 Feb 2026, 21:20 UTC · 30.0s · v26.21.44 · SHA-3-512: 18bf✱✱✱✱ · Cross-Referenced
DNS Security & Trust Posture
Risk Level: Low Risk
Email Spoofing: Protected
Brand Impersonation: Not Setup
DNS Tampering: Protected
Certificate Control: Open
Configured: SPF (hard fail), DMARC (reject), DKIM, DNSSEC
Not Configured: MTA-STS, TLS-RPT, BIMI, CAA
Unavailable on Provider: DANE
Priority Actions (4 total) · Achievable posture: Secure

[Low] Add BIMI Record

Your domain has DMARC reject — you qualify for BIMI, which displays your brand logo in receiving email clients that support it (Gmail, Apple Mail, Yahoo).

BIMI displays your verified brand logo next to your emails in supporting mail clients.
Field | Value
Type | TXT
Host | default._bimi.cisa.gov (BIMI default record)
Value | v=BIMI1; l=https://cisa.gov/brand/logo.svg

[Low] Add CAA Records

CAA records specify which Certificate Authorities may issue certificates for your domain, reducing the risk of unauthorized certificate issuance.

CAA constrains which CAs can issue certificates for this domain.
Field | Value
Type | CAA
Host | cisa.gov (root of domain — adjust CA to match your provider)
Value | 0 issue "letsencrypt.org"

[Low] Add TLS-RPT Reporting

TLS-RPT (TLS Reporting) sends you reports about TLS connection failures when other servers try to deliver mail to your domain.

TLS-RPT sends you reports about TLS connection failures to your mail servers.
Field | Value
Type | TXT
Host | _smtp._tls.cisa.gov (SMTP TLS reporting record)
Value | v=TLSRPTv1; rua=mailto:tls-reports@cisa.gov

[Low] Deploy MTA-STS

MTA-STS enforces TLS encryption for inbound mail delivery, preventing downgrade attacks on your mail transport.

MTA-STS tells sending servers to require TLS when delivering mail to your domain.
Field | Value
Type | TXT
Host | _mta-sts.cisa.gov (MTA-STS policy record)
Value | v=STSv1; id=cisa.gov

Registrar (RDAP) [OBSERVED LIVE]: get.gov (Registrant: REDACTED FOR PRIVACY) · Where domain was purchased
Email Service Provider [INFERRED]: Microsoft 365 · Strongly Protected
Web Hosting: Unknown · Where website is hosted
DNS Hosting: Unknown · Where DNS records are edited

Email Security
Can this domain be impersonated by email? No: SPF and DMARC reject policy enforced

SPF Record · RFC 7208 §4 · Gold

Does this domain declare who may send email on its behalf? Yes