How can we help you?

ZeroHook analyzes your domain's DNS records and security configuration in seconds. Free accounts get 6 core checks; paid tiers and trial run 29 additional checks (35 total) covering email authentication (SPF, DKIM, DMARC), transport security (MTA-STS, TLS-RPT), and infrastructure integrity (DNSSEC, Subdomain Takeover). You get a score from 0-100 and step-by-step copy-paste fixes for every issue found.

Your score is calculated using our proprietary algorithm that weights up to 35 checklist checks (6 on Free) across 5 categories: Email Auth (40%), DNS Security (25%), Transport (20%), Reputation (10%), and Infrastructure (5%). A score >= 90 is an A (Excellent), while below 60 is an F (Critical).

No signup or credit card is required for your first manual audit. You can enter any domain and get an instant security report. We only require an account if you want to enable continuous monitoring, access historical data, or trigger automated remediation alerts. Paid subscription trials require a credit card on file.

ZeroHook uses a tier-based subscription model starting at $29/month. Paid subscribers get generous daily on-demand audit limits (25–500/day depending on tier). Pricing tiers also determine how many domains you can put under Continuous Monitoring.

The Free tier is perfect for one-time checks. The Deliverability tier ($29/mo) provides continuous monitoring for your core domain. The Agency/MSP ($89/mo) and Compliance Evidence Pack ($199/mo) tiers add priority support, API access, and advanced regulatory mapping (NIS2, SOC2, ISO).

Each paid plan includes a generous daily on-demand audit allowance: Deliverability (25/day), Agency/MSP (50/day), Compliance Evidence Pack (100/day), and Enterprise (500/day). Limits reset daily. This replaces the old token-based system.

Upgrades are immediate and prorated (you only pay the difference). Downgrades are scheduled for the end of your current billing cycle so you keep the features you already paid for. All subscriptions are non-refundable per our Terms of Service.

Free tier runs 6 checklist checks (email auth + core DNS). Paid tiers run 35 checks including SPF/DKIM/DMARC (full validation), BIMI/VMC, DNSSEC, CAA, MTA-STS, TLS-RPT, DANE, SSL Expiry, Subdomain Takeover detection, Zone Transfer risks, Nameservers health, Global Blacklist monitoring (50+ databases), and automated mapping to NIS2, SOC2, and ISO 27001 requirements.

Free users get weekly scans. Deliverability, Agency/MSP, and Compliance Evidence Pack tiers receive daily automated scans of their monitored domains. If any record changes or a security gap is detected, we send an instant alert via Email, Slack, or Webhook depending on your tier.

Most tools only check if a record exists. ZeroHook validates the content against RFC specifications and cross-references results across multiple global anycast DNS nodes to prevent false positives and detect configuration drift that others miss.

Yes. NIS2 requires essential and important entities to implement security measures for their network and information systems. ZeroHook specifically automates the evidence collection for DNS security, email authentication, and continuous monitoring requirements. Fines for non-compliance can reach €10M or 2% of annual revenue.

For Compliance users, we maintain a 1-year tamper-proof log of all changes and audit results. Each entry is cryptographically hashed in a chain, ensuring auditors can verify that the security evidence has not been altered retroactively.

MSPs can use our Agency tier for white-labeling, including custom logos, brand colors, and custom fonts on all PDF reports. Bulk pricing allows you to manage client domains at a cost of $10-$15/month each, allowing for 300%+ margins.

Agencies on Agency/MSP and Compliance Evidence Pack tiers can generate professional PDF reports with their own logo, brand colors, and company name. Upload your branding in Settings → White Label.

ZeroHook provides exact TXT/CNAME records tailored to your specific DNS provider (Cloudflare, GoDaddy, Namecheap, etc.). You just copy the value, paste it into your provider's dashboard, and the issue is resolved—no expert knowledge required.

We provide step-by-step guides for resolving SPF "too many lookups", DMARC "p=none" warnings, and missing DKIM selectors. Our guides are updated continuously as provider interfaces and security standards evolve.

You can add or remove monitored domains directly from your dashboard. If you exceed your tier limit, you can purchase individual domain add-ons for $10-$15/month or upgrade to the next tier.

For Enterprise accounts with custom pricing, we support custom invoicing, NET-30/60 terms, and dedicated account management. We also offer annual prepayment discounts (20% savings).