IntoDNS.ai
ScanToolsCompareGuidesBlogPricingAPIAbout
Sign inStart your scan
IntoDNS.ai

Deterministic DNS and email security analysis with AI-assisted explanations where available. Built for developers, sysadmins and security-conscious teams.

Email testTool libraryAPI access

Product

  • Free scan
  • Free scanner
  • Tools
  • Pricing
  • API docs
  • Developers
  • MCP server
  • Security badge

Checks

  • SPF
  • DMARC
  • DKIM
  • DNSSEC
  • Blacklists
  • NIS2 readiness
  • Sender requirements
  • Email test
  • Diagnose email

Resources

  • Learn center
  • Blog
  • AI answers
  • Domain Security Reports
  • Methodology
  • Email security 2026
  • Compare tools
  • Verified domains

Company

  • About
  • Contact
  • Changelog
  • Privacy
  • Terms

© 2026 IntoDNS.ai. All rights reserved.

Deep scans via Internet.nlManaged hosting by CobytesXGitHubRSS
Back to home

blayce.nl

DNS & Email Security Report

Google Public DNS

Overall Security Score

Based on DNS configuration, email security, and security checks

A
92%
Very Good

Strong security posture

dns
100%
dnssec
100%
ipv6
100%
email
83%
security
85%

Next best checks

The quick scan stays fast. Run deeper checks for mail transport, SPF complexity, BIMI readiness, or sender compliance.

NIS2 Article 21.2 readiness

Map this scan onto the ten NIS2 Article 21.2 measures and get a 0-100 readiness score with per-measure detail.

Evidence snapshot

Create a fixed Markdown report with DNS, mail, web, blacklist, sender, citation, timestamp, and hash evidence.

SMTP STARTTLS certificate

Live MX handshake, STARTTLS support, certificate trust, hostname match, and FCrDNS.

SPF lookup graph

See every include and redirect that counts toward the 10-lookup SPF limit.

BIMI logo and VMC/CMC

Validate the BIMI TXT record, hosted SVG logo, and mark-certificate URL before spending money.

FCrDNS / PTR

Check reverse DNS and forward confirmation for every mail-server IP in clustered or round-robin setups.

Sender requirements

Check Google/Yahoo/Microsoft sender expectations, blacklist posture, and authentication gaps.

Keep this domain on watch

Weekly updates and alerts keep DNS or mail changes from going unnoticed.

Score 92% – Earn a Verified Backlink

Place our badge on your website and get a dofollow backlink from our Verified Secure Domains directory.

<a href="https://intodns.ai/scan/blayce.nl" target="_blank" rel="noopener noreferrer">
  <img src="https://intodns.ai/api/badge/blayce.nl" alt="IntoDNS.ai Security Score for blayce.nl" />
</a>
View directory

Recommendations (2)

Improve security
  • email
    SPF policy strict (-all)
    SPF uses ~all or ?all. Change to -all for strict enforcement
    -10 pts
  • security
    Content-Security-Policy header
    Content-Security-Policy is present but critically weakened: 'unsafe-eval' allows string-to-code execution
    -15 pts

Optional Features (8)

Nice to have
  • email
    BIMI record present
    No BIMI record. Add TXT at default._bimi with logo URL (requires DMARC p=quarantine+)
    -5 pts
  • email
    BIMI configuration valid
    No BIMI configured
    -5 pts
  • email
    MTA-STS record present
    No MTA-STS. Add TXT at _mta-sts and host policy at /.well-known/mta-sts.txt
    -5 pts
  • email
    MTA-STS policy enforced
    MTA-STS not configured
    -10 pts
  • security
    security.txt present
    No security.txt. Create /.well-known/security.txt with Contact and Expires fields (RFC 9116)
    -5 pts
  • security
    security.txt valid
    No security.txt configured
    -5 pts
  • security
    HTTP/3 (QUIC) supported
    No HTTP/3 support detected No h3 in Alt-Svc header No HTTPS DNS record (type 65) QUIC probe inconclusive (Inconclusive - no QUIC reply (trigger may be dropped or UDP/443 filtered)) — not a negative signal
    -5 pts
  • security
    HTTPS DNS record (SVCB)
    No HTTPS DNS record (type 65). Add HTTPS record for faster HTTP/3 discovery: blayce.nl IN HTTPS 1 . alpn="h3,h2"
    -5 pts

Passed checks (44)

  • A record present
  • AAAA record present
  • MX records present
  • NS records present
  • SOA record present
  • Multiple nameservers
  • MX servers have PTR records
  • MX servers have FCrDNS
  • DNSSEC signed
  • DNSSEC validation OK
  • NSEC3 RFC 9276 compliant
  • RRSIG signatures valid
  • Modern DNSSEC algorithm
  • DS digest algorithm modern
  • DNSKEY algorithm secure
  • RRSIG TTL safe
  • Chain of trust complete
  • Website reachable via IPv6
  • Mail servers publish IPv6
  • Nameservers reachable via IPv6
  • SPF record present
  • SPF syntax valid
  • DKIM found
  • DMARC record present
  • DMARC policy quarantine or better
  • DMARC policy reject
  • MX records valid
  • MX domains use DNSSEC
  • MX DNSSEC validation OK
  • Mail servers not blacklisted
  • No critical blacklist listings
  • CAA records present
  • CAA policy strict
  • TLSA records (DANE)
  • DANE configuration valid
  • No sensitive info in TXT
  • HTTPS available
  • Valid certificate
  • HTTP redirects to HTTPS
  • HSTS enabled
  • HSTS max-age >= 1 year
  • X-Frame-Options header
  • X-Content-Type-Options header
  • Referrer-Policy header
Computing NIS2 readiness…

Issues (1)

  • No HTTP/3 (QUIC) support

Recommendations (1)

  • •Enable HTTP/3 (QUIC)

Scan History

Loading history...