Working versions of the checks I run for clients — free to use, built to teach, and deliberately unable to collect anything about you.
Point it at any domain and get a graded read on its email & DNS posture — SPF, DMARC, DNSSEC, MTA-STS and friends — in about three seconds.
Seven honest questions about email, MFA, identity, backups, offboarding and edge protection. Instant graded report with the first fix for each gap.
A colophon that measures itself while you read: live security headers, this domain audited by its own tool, and every agent endpoint verified in real time.
Password breach check (k-anonymity, explained visually) · suspicious-email header analyzer · try-a-passkey demo. Opinions on what should come first are welcome.
the deal with all of these: no accounts, no analytics on your inputs, no “enter your email to see results.” they run in your browser because that’s where your data should stay. if a tool ever needs a server, it’ll say so in plain words first.