Phase 1 · Class B · Worker-assisted NIST · Protect

Can your domain be spoofed?

EmailGuard reads your domain's email-authentication posture - SPF, DKIM, DMARC, BIMI and MX - and returns a plain-English spoofability verdict plus the exact, safe path to close the gap. Never an audit. Always a next step.

🔒 Prototype build: live DNS verification is not enabled yet, so a typed domain returns an honest "unverified" result. Try a labelled sample below to see a full report. Nothing is stored.

Verdict

-

-

Records we checked

Each record, in business terms - with the copy-ready fix and the raw evidence one tap away.

DKIM - didn't find a signature?

DKIM is published per selector, and selectors aren't discoverable from DNS alone. We probed the common ones. If yours differs, enter it - or read the s= tag from any DKIM-Signature header in a sent email.

Suggested: selector1 google k1 s1

Your safe DMARC rollout

Never jump straight to reject. Ramp it - monitor, quarantine a rising percentage, then enforce. Here's where you are and the exact record for each stage.

Phishing-readiness - 5 quick questions

Records tell us if you can be spoofed. These tell us how ready your people and process are. Adjusts your readiness sub-score.

Top fixes, ranked by impact

Next step

Want this closed properly?

DMARC enforcement done wrong silently drops real mail. Hallatec deploys it the safe way - monitored ramp, alignment fixes, and email hardening end-to-end.

Book email hardening

Passive public-DNS lookup; point-in-time; shallow SPF include expansion (first level). Not an audit or penetration test. BIMI: a valid record does not guarantee your logo displays - that also needs DMARC enforcement and usually a paid mark certificate.