MyDomainRisk inspects email authentication end-to-end: DMARC record and policy (none / quarantine / reject), SPF record plus the lookup count, DKIM selectors, and MTA-STS. It tells you whether a domain can be spoofed today — and exactly which record needs changing to lock it down. No signup.
No password. No credit card. Just your email to receive results.
One sign-in, both apps — Free, Pro or MSP covers security and authenticity. No second subscription.
Hosted on security-certified infrastructure providers.
acmecorp.com
Security posture: critical
/ 100
CRITICAL FINDINGS
Domain can be impersonated to send phishing email — no DMARC enforcement
Critical3 employee credentials found in stealer logs — active breach risk
CriticalSubdomain hijacking vulnerability — attacker can host content on affected domain
HighTLS certificate expires in 6 days — site will show browser security warnings
High2 lookalike domains actively resolving — phishing infrastructure detected
HighNo password · No credit card · Just your email
50+
Security checks
< 60s
Scan time
Clear
Risk rating
40+
Intel sources
Sample Intelligence Providers
MyDomainRisk combines signals from trusted sources including Google Web Risk, Have I Been Pwned, Shodan, urlscan.io, AbuseIPDB, and HudsonRock, alongside public DNS, certificate transparency, phishing, malware, and ransomware intelligence feeds.
Evidence Signals Checked
One subscription, every lens. Cyber Essentials · GDPR · PCI · CCPA · DMARC · Suppliers · Invoice · Crypto · MSP. See them all ↓
A comprehensive scan covering all the externally observable security signals that matter — with no special access or agent required.
Included free
Detects employee credentials harvested by malware.
Plain-English narratives of how detected weaknesses could be exploited.
Verifies email authentication records to prevent spoofing.
One-click remediation guidance for every finding.
Finds dangling DNS records attackers could claim.
Spots lookalike domains used for brand phishing.
Detects publicly accessible cloud storage buckets.
Validates certificates, ciphers, and encryption strength.
Checks that your web server sends all major browser security headers.
Checks the externally verifiable technical measures required under GDPR Article 32.
Advisory technical checks for the US market.
We name the corporate appliance instead of saying 'TLS error'.
Flags compromised credentials from known breach databases.
Export a shareable report for leadership or auditors.
Automated weekly or monthly scans on Pro; daily schedules on MSP.
No installation. No agents. No access keys.
No password, no credit card. We send you a secure sign-in link — click it and you're in.
MyDomainRisk performs 50+ non-intrusive security checks — TLS, headers, DNS, network infrastructure, threat intelligence, breaches, exposure — in under a minute.
Review the risk rating, prioritised findings and supporting evidence in the dashboard. Pro users can download a PDF report to share with leadership or auditors.
One subscription, many lenses
You're seeing the email authentication lens. The same Free, Pro or MSP account unlocks every other lens — switch any time, no second subscription.
UK compliance
Pre-assessment readiness — see exactly what the assessor will check.
EU/UK privacy
Externally verifiable technical baseline + Article mapping.
US compliance
External attack surface review with prioritised evidence.
US privacy
Privacy notice, do-not-sell, and Global Privacy Control checks.
Vendor risk
Vet a third party's external security posture before you contract.
Fraud workflow
Is that supplier-update email genuine? Verify the domain in 60 seconds.
Fraud workflow
Fake stablecoin, airdrop or wallet-connect site? Verify the domain before you sign.
Workflows
Group client domains, track remediation work, export branded bundles, and invite read-only contacts.
Pricing
Start free. Upgrade when your external domain risk monitoring needs scheduled checks, richer evidence, portfolio workflow, or client-ready reporting.
One account, both apps — one subscription. Free, Pro or MSP, a single MyDomainRisk sign-in unlocks both apps — the security app (monitor the external risk around any domain you assess) and the authenticity app (check whether a suspicious link or supplier domain is genuine). Same non-intrusive checks underneath, different lens depending on the question you're asking. One tier, one subscription, both tools.
For checking any domain
Free
No credit card required. Start scanning immediately.
For IT teams and consultants monitoring multiple domains
Pro
Everything you need to monitor a full domain portfolio.
50 security domains · 50 scans per day · 50 history per domain
Managing multiple separate customer estates?See MSP →
No lock-in. Cancel any time, or downgrade at the end of the period and keep Pro until the billing date.
For consultancies, MSPs and agencies managing many client estates
MSP
Everything in Pro, plus Portfolio clients, branded report bundles and evidence packs with report checks, delegated read-only portal access, a client audit trail, per-client Priorities work queues and Alerts, and progress signals for client reviews.
Need more than 250 security or 150 authenticity domains? support@mydomainrisk.com
No lock-in. Cancel any time, or downgrade to Pro / Free at period end.
Do I need a credit card to try it?
No. The Free plan requires only your email address — no payment details at any point.
Will this affect my website or cause any disruption?
No. Every check is external and non-intrusive. Most read public records — DNS, certificates, registration data, threat-intelligence feeds. A few look at your site exactly the way a visitor's browser would: a TLS handshake and a single ordinary page request. Your logs would show the equivalent of one normal page visit; nothing is probed, logged into, or changed. The full contract is on our How we scan page.
How is this different from the free NCSC checks?
Use both. The NCSC's free Check Your Cyber Security tools are excellent for a one-off government-backed snapshot of email security and browser safety. MyDomainRisk covers a much wider set of external checks, keeps watching on a schedule, tracks your score over time, and turns every finding into a prioritised, plain-English fix path — the day-two-onwards work the snapshot can't do.
Can I cancel my Pro or MSP subscription at any time?
Yes. You can downgrade or cancel from your account page at any time. No contracts, no minimum term — you keep your paid features until the end of the current billing period.
What happens to my data after a scan?
Scan results are stored against your account in line with your plan limits. You can export or delete your data at any time. See our Privacy Policy for full details.
Free for up to 5 domains. No card required. Pro plans unlock bulk scanning, scheduled monitoring, and full breach reports.
Full domain scan — free, 60 seconds