Scan any domain for email authentication, TLS health, WHOIS integrity, and subdomain takeover risk — in seconds.
| Check | Why it matters | Weight |
|---|---|---|
| DMARC policy | Prevents spoofed email sent from your domain | 25 pts |
| SPF record | Authorises which servers may send mail for you | 10 pts |
| DKIM selector | Cryptographic email signing — tamper detection | 10 pts |
| TLS certificate | Validates HTTPS is correctly provisioned | 20 pts |
| WHOIS integrity | Flags imminent expiry or missing transfer lock | 10 pts |
| Subdomain takeover | Detects dangling DNS pointing at unclaimed services | 15 pts |
| MTA-STS / TLSRPT | Enforces TLS on inbound SMTP | 5 pts |
| DNSSEC | Protects against DNS cache poisoning | 5 pts |
| HSTS enforcement | Instructs browsers to use HTTPS-only connections; prevents SSL-stripping attacks | 5 pts |
One-off scans like this one are useful, but auditors increasingly ask "prove this score was true on 14 November 2024". QENEX Pulse runs these nine checks plus tougher ones (sub-processor watch, contract- term capture, regulator-mapped reports) on every vendor your firm depends on, every day, with each result SHA-256 hashed and anchored into IPFS + OpenTimestamps. From £79/month for 10 vendors.
Start free with QENEX Pulse →Why this is free. This scanner is free because it's the entry point to QENEX Pulse — continuous, anchored vendor monitoring from £79/mo. We don't run ads. We don't sell your scan data. The scanner runs entirely on QENEX-owned bare-metal infrastructure in London with no third-party tracking in the request path.
Results are cached for 24 hours. Add ?fresh=1 to force a rescan.