ZeroHookZeroHook
35-Point Audit Checklist

Every DNS and email check
we run on your domain.

Full breakdown of our 35-check audit: SPF, DKIM, DMARC, DNSSEC, blacklists, and NIS2 compliance mapping. Copy-paste fix guides included for every failing check.

Run Free Scan View Pricing
yourapp.com · tiered scan
Complete
68score

Security Score

2 critical issues need attention. Fix guides included.
2 fail1 warn5 pass
SPF Record
DKIM Signature
DMARC Policy
Blacklist Check
MTA-STS
DNSSEC
CAA Record
SSL Certificate

Critical: DMARC not enforced — domain can be spoofed.

Copy-Paste Fix

Fix DMARC

Add TXT record to _dmarc subdomain.

v=DMARC1; p=quarantine;
35-Point Advanced Audit

Everything DNS security. One platform.

We analyze 35 critical security markers across 6 infrastructure categories — in under 30 seconds.

Email Authentication

4 checks

Core email security protocols and validation. Without these, your domain can be spoofed to send phishing emails that appear to come from you.

SPF Record
v=spf1 include:_spf.google.com ~all
DKIM Signature
selector=google · key strength: 2048-bit
DMARC Policy
p=none · not enforced · spoofing possible
DMARC Reporting
RUA present · RUF missing
SPFDKIMDMARCPhishing protection
Compliance Frameworks

Automated compliance checks for 4 frameworks.

Every scan maps to NIS2, GDPR, ISO 27001, and PCI-DSS. Know your compliance status before the auditor does.

NIS2 (EU Directive 2022/2555)

Network and Information Security Directive

Requirements:6 checksPenalties:Up to €10M or 2% of global turnover

Critical For:

Essential EntitiesImportant EntitiesCritical Infrastructure
Check your compliance

We check:

Email authentication (SPF, DKIM, DMARC enforcement)
DNS integrity protection (DNSSEC)
Secure communication channels (MTA-STS)
Incident detection and monitoring
Regular security audits
Supply chain security measures
Detailed Remediations

Step-by-step fix guides for every issue.

Every failing check comes with exact DNS records, provider-specific instructions, and a verification command.

DMARC Policy Not Enforced
Critical · domain can be spoofed for phishing
Critical
1
Understand Current State

Your DMARC record exists but policy is set to "none" — no enforcement actions are taken on failed emails.

Current: v=DMARC1; p=none; rua=mailto:[email protected]
Estimated time: 5–15 min per step
What's in Your Report

Comprehensive analysis delivered in seconds.

Every audit generates a detailed security report with scores, issues, and fix guides.

Executive Summary

High-level security score, risk level, and critical issues at a glance

  • Overall security score (0–100)
  • Risk level classification
  • Issue count by severity
  • Compliance status overview

Detailed Findings

Complete analysis of all 35 security checks with pass/fail status

  • Email security results
  • DNS configuration analysis
  • Transport security validation
  • Performance metrics

Remediations

Step-by-step instructions for resolving each issue

  • Detailed remediation steps
  • Technical implementation guides
  • Code examples and DNS records
  • Estimated fix time and difficulty

Premium Insights

Advanced security strategies and expert recommendations

  • Industry best practices
  • Advanced configuration tips
  • Compliance strategies
  • Performance optimization

Compliance Reports

Detailed compliance analysis for 4 major frameworks

  • NIS2 Directive assessment
  • GDPR compliance check
  • ISO 27001 controls
  • PCI-DSS requirements

Historical Tracking

Track security improvements over time

  • Score trends
  • Issue resolution timeline
  • Compliance progress
  • Comparative analysis
Get Started

See what ZeroHook finds on your domain.

Create a free account for a 6-check basic audit, or upgrade for the full 35-check depth. Copy-paste fix guides included for every issue found.

Get Started Free View Plans