Pricing

from $150.00 / 1,000 domain reports

Domain Security Posture Checker — DNS, SPF, DMARC, TLS

One-call security report card per domain — WHOIS, DNS, SPF/DMARC email auth, SSL/TLS expiry, with a posture score and grade. No login.

Pricing

from $150.00 / 1,000 domain reports

Rating

0.0

(0)

Developer

NexGenData

Actor stats

Bookmarked

Total users

Monthly active users

3 days ago

Last modified

🔒 Domain Security Posture Checker · DNS · SPF · DMARC · TLS

One call returns a security report card per domain — WHOIS age, DNS, SPF/DMARC email auth, SSL/TLS expiry — with a posture score and grade. For security, due-diligence, and sales-engineering teams.

⚡ What you get

Field	Description
`score` / `grade`	Overall posture (0-100, A-D)
`hasSPF` / `spf`	SPF record + value
`hasDMARC` / `dmarcPolicy`	DMARC + policy
`sslIssuer` / `sslExpires` / `sslDaysLeft`	TLS health
`registrar` / `created` / `expires`	WHOIS via RDAP
`mx` / `nameservers` / `a`	DNS
`findings`	Human-readable issues

🎯 Use cases

Security teams scoring third-party domains
M&A / due-diligence quick risk checks
Sales engineering pre-call audits
Email deliverability (SPF/DMARC) audits

🚀 Sample inputs

{ "domains": ["stripe.com","github.com"] }

{ "domains": ["yourcompany.com"] }

📦 Sample output

{ "domain": "stripe.com", "score": 90, "grade": "A", "hasSPF": true, "hasDMARC": true, "dmarcPolicy": "reject", "sslIssuer": "DigiCert Inc", "sslDaysLeft": 312, "findings": [] }

📊 Sample Output

Sample output

🛠 How it works

DNS — A/MX/NS/TXT via DNS-over-HTTPS (Cloudflare).
Email auth — parses SPF and _dmarc DMARC policy.
TLS — reads the port-443 certificate (issuer, expiry).
WHOIS — registrar + dates via RDAP.
Score — weighted posture score + grade + findings.

💰 Pricing Example

Pay-per-event: $0.005 per run + $0.15 per domain report (domain-report).

Domains	Cost
50	~$7.50
200	~$30.00
1,000	~$150.00
Apify's $5 free credit covers ~33 domains. Start free →

⚖️ Legal & data sources

Public DNS (DoH), public RDAP/WHOIS, and a standard TLS handshake on port 443 — all public, no login. Identified User-Agent.

❓ FAQ

A vulnerability scanner? No — a posture/hygiene report, not an intrusive scan. DKIM? SPF + DMARC checked; DKIM (selector-specific) on the roadmap. Fresh? Live at run time. Key? No. Bulk? Yes. Scoring? Weighted across SPF, DMARC policy, TLS, and DNS.

🆘 Troubleshooting

SSL invalid/unreachable — host may not serve TLS on 443.
No WHOIS — some TLDs have limited RDAP.
Low score — check findings.
Subdomain — pass the registrable domain.

🏷️ About NexGenData

Structured public-data tools for analysts, developers, and operators. thenextgennexus.com.

DNS, WHOIS, SPF/DMARC, SSL Domain Audit

jungle_synthesizer/dns-domain-audit

Bulk domain audit covering DNS records, WHOIS registration, SPF/DMARC/DKIM email auth, SSL certificate, and reverse DNS. No browser, no proxy -- pure Node, sub-second per domain.

BowTiedRaccoon

Domain Security & Email Deliverability — DNS, SPF, DMARC, DKIM

ryanclinton/dns-record-lookup

Audit a domain portfolio for email spoofing, broken SPF, DMARC enforcement, DNSSEC and shadow-SaaS senders. Returns a posture score, what to fix first, vendor dependencies and drift alerts — not just records. Bulk DNS / SPF / DMARC / DKIM lookup, no API keys.

Ryan Clinton

Domain Intelligence Lookup

obicodes/domain-intel

Full domain intelligence in one call. Get WHOIS registration data, DNS records, SSL certificate status, IP geolocation, ASN, mail provider detection, and an actionable email security score (SPF, DMARC, MX). Built for developers, security teams, agencies, and growth teams.

Obicodes

Email Intelligence & Security Score

obicodes/email-intel

Comprehensive email intelligence in one call. Validate email format, detect disposable/role accounts, and get deep domain intelligence including WHOIS, DNS, SSL, IP Geo, ASN, mail provider detection, and an actionable email security score (SPF, DMARC, MX).

Obicodes

DNS Lookup | Scrape Domain Records & Security Intelligence

datascoutapi/dns-lookup

DNS lookup scrapes 22 data points including 10 DNS records (A, AAAA, MX, TXT, NS, CNAME, SOA, SRV, PTR, CAA) + email security analysis ( SPF/DKIM/DMARC), SSL certificate checker, domain monitoring. Processes 100 domains per batch with security scoring.

halam

Email Security Scanner

cerridwen/email-security-scanner

DNS-only email posture for any domain: MX, SPF, DMARC, DKIM probes, MTA-STS, BIMI. No email sent. Returns score + actionable tips. Batch-friendly for CRM domains and compliance snapshots.

Cerridwen

Domain Trust Reputation Scraper

taroyamada/domain-trust-monitor

Audit your entire domain portfolio for SSL expiry, DMARC posture, and security headers, outputting an executive summary with clear remediation rows.

naoki anzai

Domain Intelligence: WHOIS + DNS Bulk Lookup

scrapemint/domain-intelligence

Pass a list of domains, get WHOIS data, DNS records, and inferred signals like email provider, DNS provider, and SPF/DMARC presence. Built for SDRs, brand protection teams, and email deliverability consultants. One row per domain. Pay per lookup.

Ken M

Bulk Email Deliverability Checker (MX/SPF/DMARC/DKIM)

weiseer/email-deliverability-checker

Bulk-check domains for email setup & authentication over DNS: MX + provider, SPF, DMARC policy, DKIM selectors, with a deliverability score. One JSON row per domain.

wei seer

Domain Intelligence (MCP)

scrap_them_all/domain-intelligence-mcp

MCP-friendly Apify Actor returning a structured domain intelligence card. Four modes: whois (registrar+age via RDAP), dns (A/MX/TXT/SPF/DMARC/NS), ssl (cert chain+expiry), full (all three). Universal sales/security/devops/KYC use case.