Sudory Academy

Understand every check

Plain-English explanations of the DNS, email, and HTTP settings Sudory scans for. What each one does, why it matters, and how Sudory decides pass, warn, or fail.

Email authentication

The three records that stop attackers from sending email as you: SPF, DKIM, DMARC. Together they make forgery unprofitable.

SPF →

Lists which servers are allowed to send email as your domain.

DKIM →

Cryptographically signs your mail so receivers can prove it's authentic.

DMARC →

Tells receivers what to do when SPF or DKIM fails: monitor, quarantine, or reject.

MTA-STS →

Forces TLS on inbound SMTP connections. Prevents downgrade attacks on email in transit.

DNS records

The foundational DNS records: A, AAAA, MX, NS, CAA. What they do, what Sudory checks, and what provider signals they reveal.

A record

Soon

IPv4 address your domain resolves to.

AAAA record

Soon

IPv6 address support and provider detection.

MX record

Soon

Mail server priority and delivery routing.

NS record

Soon

Which DNS provider serves your zone.

CAA record

Soon

Restricts which certificate authorities may issue certs for your domain.

DNS security

Cryptographic protection for the DNS layer itself: DNSSEC and DANE. Useful for email providers and high-assurance domains.

DNSSEC

Soon

Signs DNS responses so attackers can't poison resolvers.

DANE / TLSA

Soon

Pins TLS certificates through DNS for stronger trust.

TLS and HTTPS

Certificate validity, protocol versions, and redirect hygiene. The basics every site needs right.

TLS certificate

Soon

Validity, issuer, expiry, and chain.

TLS version

Soon

Which protocol your server negotiates.

HTTPS redirect

Soon

Forcing browsers off plaintext HTTP.

HTTP security headers

Headers your server sends on every response: HSTS, CSP, X-Frame-Options, and the rest. They control what browsers allow.

HSTS

Soon

Tells browsers to always use HTTPS.

Content Security Policy

Soon

Restricts what scripts and resources can load.

X-Frame-Options

Soon

Prevents clickjacking via iframes.

X-Content-Type-Options

Soon

Stops MIME sniffing attacks.

Referrer-Policy

Soon

Controls what URL data leaks to linked sites.

Permissions-Policy

Soon

Which browser features your site can use.

Cookie flags

Soon

The three flags every cookie needs: Secure, HttpOnly, and SameSite.

See what your domain looks like

Every article links back to the scanner. Run a scan, compare your results against the academy, and see exactly where you stand.

Scan your domain