Skip to main content

Domain Confessions

Forgotten Domain

Trigger Warning: If you disable security settings just to make things work, this video may not be for you. In other words, you may experience feelings of shame.

A domain registered for ten years with no published mail policy is not dormant — it is exposed. Reputation systems do not distinguish between negligence and compromise. They only see the absence of published policy.

SPF: v=spf1 -all
DMARC: v=DMARC1; p=reject;
MX: 0 .

If a domain sends no mail, publish SPF -all, DMARC reject, and Null MX. Silence is not protection.

Scan Your Domain Our Methodology Domain Confessions #2
Straight talk about your data.

We use two cookies, both essential:

  • _csrf — Prevents cross-site request forgery. Required for form submissions. Security-only.
  • _dns_session — Only exists if you choose to sign in. No account required to use DNS Tool.

We log your IP address for two reasons: rate limiting (so nobody abuses the service) and security (identifying malicious actors and complying with legal obligations). We check source geography for analysis accuracy — DNS responses vary by region, and knowing which resolver answered from where makes the science better.

No tracking cookies. No analytics cookies. No ad networks. No data brokers. Our code is open-core — the application framework is publicly available under BUSL-1.1 with timed Apache-2.0 conversion. Verify it yourself.

If you create an account and want out, account deletion removes your login and scan history. Public domain analyses remain available because they contain only public DNS records, already hashed. Full details: Privacy Policy.