Email & DNS Security Overview

Description of the section

The Email & DNS Security section is used to review email authentication posture by running DNS-based checks for SPF, DMARC, and DKIM. This section is designed as a validation and reporting workflow rather than a mail-delivery configuration screen.

It gives administrators one place to test a domain, optionally test a subdomain, and review whether common email authentication records are present and correctly formatted. The broader CMSSPM system also supports last-result rendering for SPF, DMARC, and DKIM checks, including per-target comparisons and DKIM selector analysis.

Section components

This section currently presents the Email Authentication Checker under DNS Auth Checks. The interface includes fields for Domain, Check subdomain (optional), and DKIM selectors (comma-separated), along with the actions Run Checks and Clear Cache.

The plugin context indicates that the Email & DNS Security area supports SPF, DMARC, and DKIM posture review, per-target parent-domain and subdomain comparisons when both are provided, DKIM selector detail analysis, and cached DNS lookups for recent runs. The DNS authentication checker also supports JSON export of stored DNS auth results elsewhere in the Email & DNS feature set.

Recommended usage

Use this section when you want to verify that a domain publishes the expected email authentication records and to check whether a subdomain inherits or overrides the expected policy. For DKIM, include the selectors used by the sending services for the domain so the results reflect the records that actually matter in production.

A practical workflow is to run checks against the primary domain first, then run the same review for any sending subdomains, and repeat the process after DNS changes propagate. If the results appear stale, clear the cached lookup data and rerun the checks.

Validation

After using this section, confirm that the results shown for SPF, DMARC, and DKIM match the current DNS records published for the tested domain or subdomain. When selectors are supplied, verify that the returned DKIM findings correspond to the active selectors used by the site’s email providers or sending infrastructure.