MyDomainRisk inspects email authentication end-to-end: DMARC record and policy (none / quarantine / reject), SPF record plus the lookup count, DKIM selectors, and MTA-STS. It tells you whether a domain can be spoofed today — and exactly which record needs changing to lock it down. No signup.
No password. No credit card. Just your email to receive results.
One sign-in, both apps — Free, Pro or MSP covers security and authenticity. No second subscription.
Hosted on security-certified infrastructure providers.
acmecorp.com
Security posture: critical
/ 100
CRITICAL FINDINGS
Domain can be impersonated to send phishing email — no DMARC enforcement
Critical3 employee credentials found in stealer logs — active breach risk
CriticalSubdomain hijacking vulnerability — attacker can host content on affected domain
HighTLS certificate expires in 6 days — site will show browser security warnings
High2 lookalike domains actively resolving — phishing infrastructure detected
HighNo password · No credit card · Just your email
50+
Security checks
< 60s
Scan time
Clear
Risk rating
40+
Intel sources
Sample Intelligence Providers
MyDomainRisk combines signals from trusted sources including Google Web Risk, Have I Been Pwned, Shodan, urlscan.io, AbuseIPDB, and HudsonRock, alongside public DNS, certificate transparency, phishing, malware, and ransomware intelligence feeds.
Evidence Signals Checked
One subscription, every lens. Cyber Essentials · GDPR · PCI · CCPA · DMARC · Suppliers · Invoice · Crypto · MSP. See them all ↓
A comprehensive scan covering all the externally observable security signals that matter — with no special access or agent required.
Included free
Detects employee credentials harvested by malware.
Plain-English narratives of how detected weaknesses could be exploited.
Verifies email authentication records to prevent spoofing.
One-click remediation guidance for every finding.
Finds dangling DNS records attackers could claim.
Spots lookalike domains used for brand phishing.
Detects publicly accessible cloud storage buckets.
Validates certificates, ciphers, and encryption strength.
Checks that your web server sends all major browser security headers.
Checks the externally verifiable technical measures required under GDPR Article 32.
Advisory technical checks for the US market.
We name the corporate appliance instead of saying 'TLS error'.
Flags compromised credentials from known breach databases.
Export a shareable report for leadership or auditors.
Automated weekly or monthly scans on Pro; daily schedules on MSP.
No installation. No agents. No access keys.
No password, no credit card. We send you a secure sign-in link — click it and you're in.
MyDomainRisk performs 50+ non-intrusive security checks — TLS, headers, DNS, network infrastructure, threat intelligence, breaches, exposure — in under a minute.
Review the risk rating, prioritised findings and supporting evidence in the dashboard. Pro users can download a PDF report to share with leadership or auditors.
One subscription, many lenses
You're seeing the email authentication lens. The same Free, Pro or MSP account unlocks every other lens — switch any time, no second subscription.
UK compliance
Pre-assessment readiness — see exactly what the assessor will check.
EU/UK privacy
Externally verifiable technical baseline + Article mapping.
US compliance
External attack surface review with prioritised evidence.
US privacy
Privacy notice, do-not-sell, and Global Privacy Control checks.
Vendor risk
Vet a third party's external security posture before you contract.
Fraud workflow
Is that supplier-update email genuine? Verify the domain in 60 seconds.
Fraud workflow
Fake stablecoin, airdrop or wallet-connect site? Verify the domain before you sign.
Workflows
Group client domains, track remediation work, export branded bundles, and invite read-only contacts.
Pricing
Start free. Upgrade when you need monitoring, richer evidence, portfolio workflow, or client-ready reporting.
One account, both apps — one subscription. Free, Pro or MSP, a single MyDomainRisk sign-in unlocks both apps — the security app (harden the external configuration of any domain you want to assess) and the authenticity app (check whether a suspicious link or supplier domain is genuine). Same non-intrusive checks underneath, different lens depending on the question you're asking. One tier, one subscription, both tools.
For checking any domain
Free
No credit card required. Start scanning immediately.
For IT teams and consultants monitoring multiple domains
Pro
Everything you need to monitor a full domain portfolio.
50 security domains · 50 scans per day · 50 history per domain
Managing multiple separate customer estates?See MSP →
No lock-in. Cancel any time, or downgrade at the end of the period and keep Pro until the billing date.
For consultancies, MSPs and agencies managing many client estates
MSP
Everything in Pro, plus Portfolio clients, branded report bundles with report checks, delegated read-only portal access, a client audit trail, per-client Priorities work queues and Alerts, and progress signals for client reviews.
Need more than 250 security or 150 authenticity domains? support@mydomainrisk.com
No lock-in. Cancel any time, or downgrade to Pro / Free at period end.
Do I need a credit card to try it?
No. The Free plan requires only your email address — no payment details at any point.
Will this affect my website or cause any disruption?
No. Every check is a passive, external observation — we query publicly available data and DNS records only. Nothing is sent to your server and nothing is changed.
Can I cancel my Pro subscription at any time?
Yes. You can downgrade to Free or cancel immediately from your account page. No contracts, no minimum term.
What happens to my data after a scan?
Scan results are stored against your account in line with your plan limits. You can export or delete your data at any time. See our Privacy Policy for full details.
Free for up to 5 domains. No card required. Pro plans unlock bulk scanning, scheduled monitoring, and full breach reports.
Full domain scan — free, 60 seconds