Free M365 Security Health Check
Can your organization's email be impersonated?
Three public DNS records decide whether criminals can send email that looks exactly like it came from your office — fake invoices, fake payroll changes, fake notices. Enter your domain and get letter grades in about fifteen seconds, plus a plain-English report by email.
- About 15 seconds — grades on this page instantly
- Passive public-record checks only — nothing touches your systems
- Written for office managers and county clerks, not engineers
- Checks MX hosting, SPF, DKIM, and DMARC
Why these records matter
The fifteen-second explanation
SPF is your list of approved senders. DKIM is a tamper-proof signature on every real message. DMARC is the instruction that tells the world's mail systems to reject the fakes. Most small organizations are missing at least one — and the missing one is usually DMARC, the enforcement piece.
Want the full plain-English version with envelopes-and-signatures metaphors? Read Can your business email be spoofed? on our blog — then come back and run your check.
FAQ
Health check questions
Is this safe to run? Will it touch our systems?
It's completely passive. We read only public DNS records — the same records every mail system on the internet already checks each time it receives a message claiming to be from you. We never scan, probe, or connect to anything of yours.
We're a government office. Is this appropriate for us?
It's built for you — think of it as a security posture report for public entities. The report is written so a clerk, treasurer, or judge-executive can read it and share it with a fiscal court or board without translation.
What if we just use Gmail addresses?
Run it anyway with your Gmail address. Not having your own email domain is itself a meaningful finding — with credibility and security implications — and the report explains what moving to a business domain involves. It's not a rejection; it's the starting point.
What's the catch?
No catch: you get a genuinely useful report, and we get to introduce ourselves. You'll receive the report, a couple of helpful follow-up emails you can unsubscribe from in one click, and an offer of a free 15-minute walkthrough. That's it — no obligation, no pressure, no reselling your information.
A good grade means we're secure, right?
It means the specific public records we check look right — which matters, but it's one layer. Backups, MFA, endpoint protection, and staff awareness live inside your systems where a passive check can't see. That's what the free walkthrough and a fuller review are for.
Rather talk to a person? Call (270) 866-8660 — Monday–Friday, 8:00 AM–5:00 PM CT.
