Overview
DNS
- POSTGenerate SPF record
- POSTLookup SPF record
- POSTLookup MX records
- POSTTest SMTP server
- POSTTest SMTP email sending
- POSTValidate email syntax
- POSTGenerate DMARC record
- POSTLookup DMARC record
- POSTLookup sender score
- POSTCheck for temporary email
- POSTCheck email provider
- GETGet email tester endpoint
- GETGet email tester results
- POSTComprehensive email health check
- POSTCheck URL for malicious content
- POSTValidate email address
- POSTCheck IP blacklist status
- POSTCheck domain blacklist status
curl --request POST \
--url https://app.spotzee.com/api/ext/generic/dns/dns-health-check \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data domain=example.com{
"status": "success",
"data": {
"dataCompleteness": {
"percentage": 100,
"missingChecks": [],
"failureReason": null
},
"dnssec": {
"score": 0,
"maxScore": 25,
"isEnabled": {
"result": false,
"points": 0
},
"hasValidChain": {
"result": false,
"points": 0
},
"hasNSEC3": {
"result": false,
"points": 0,
"value": {
"algorithm": "",
"iterations": 0,
"saltLength": 0
}
},
"keyAlgorithm": {
"value": "",
"points": 0
},
"info": [
"DNSSEC is not enabled for this domain"
],
"warnings": []
},
"dane": {
"score": 0,
"maxScore": 0,
"tlsaRecords": {
"result": false,
"points": 0,
"value": []
},
"emailTLSA": {
"result": false,
"points": 0,
"value": []
}
},
"caa": {
"score": 15,
"maxScore": 15,
"isExists": {
"result": true,
"points": 5
},
"records": [
{
"name": "example.com",
"type": 257,
"TTL": 300,
"data": "0 issue \"letsencrypt.org\""
}
],
"analysis": {
"hasIssueTag": true,
"hasIssuewildTag": false,
"hasIncidentReporting": true,
"isRestrictive": true,
"authorizedCAs": [
"letsencrypt.org"
],
"totalRecords": 1
}
},
"registryLock": {
"score": 0,
"maxScore": 20,
"isLocked": {
"result": false,
"points": 0,
"statuses": []
},
"domainAge": {
"days": 8765,
"displayAge": "24 years"
},
"clientLocks": {
"active": [
"clientTransferProhibited"
],
"protections": {
"transferProtection": true,
"updateProtection": false,
"deleteProtection": false,
"domainHold": false
},
"summary": "Registrar protections: transfer protection"
}
},
"infrastructure": {
"score": 65,
"maxScore": 70,
"anycast": {
"result": true,
"points": 20,
"value": {
"confidence": {
"score": 420,
"level": "confirmed"
},
"provider": {
"id": "cloudflare",
"name": "Cloudflare",
"confidence": "confirmed"
},
"detectionMethods": [
"hostname-regex",
"ip-cidr"
],
"nameservers": [],
"mixedDeployment": false
}
},
"providerDiversity": {
"result": false,
"points": 0,
"value": {}
},
"ipv6Support": {
"result": true,
"points": 12,
"value": {}
},
"performance": {
"result": true,
"points": 14,
"value": {}
},
"ddosProtection": {
"result": true,
"points": 19,
"value": {}
}
},
"authentication": {
"score": 16,
"maxScore": 22,
"zoneTransferRestricted": {
"result": true,
"points": 11
},
"queryPortRandomization": {
"result": true,
"points": 8
},
"openResolver": {
"result": false,
"isProblematic": false,
"points": 5
},
"dnsSoftware": {
"result": true,
"points": 4.25
}
},
"monitoring": {
"score": 33,
"maxScore": 55,
"anomalyDetection": {
"result": true,
"points": 18,
"value": {}
},
"changeMonitoring": {
"result": true,
"points": 8,
"value": {}
},
"responseTimeConsistency": {
"result": true,
"points": 7,
"value": {}
},
"incidentHistory": {
"result": true,
"points": 0,
"value": {}
}
},
"privacy": {
"score": 10,
"maxScore": 15,
"queryLogging": {
"result": true,
"points": 8
},
"dnsFirewall": {
"result": true,
"points": 10
},
"dnsExposureAssessment": {
"result": true,
"points": 16
}
},
"abusePrevention": {
"score": 32,
"maxScore": 35,
"subdomainTakeover": {
"result": true,
"isProblematic": false,
"points": 20
},
"dnsTunneling": {
"result": false,
"points": 12
},
"sinkholing": {
"result": false,
"points": 0
}
},
"operational": {
"score": 20,
"maxScore": 30,
"ttlConfiguration": {
"result": true,
"points": 8,
"score": 8
},
"certificateTransparency": {
"result": false,
"points": 0,
"value": {}
},
"emailAuthentication": {
"score": 12,
"maxScore": 15,
"spf": {},
"dmarc": {},
"dkim": {}
}
},
"thirdPartyRisk": {
"score": 20,
"maxScore": 20,
"providerSecurity": {
"result": true,
"points": 20
},
"geographicRisk": {
"result": false,
"points": 0
}
},
"grading": {
"grade": "B",
"gradeDescription": "Good - Meets industry security standards with solid fundamentals",
"score": 71,
"recommendations": [
"Enable DNSSEC for authentication and integrity",
"Implement registry lock for domain protection"
],
"methodology": {
"scoringMethod": "Simple weighted average scoring",
"gradeScale": "A: 85-100 | B: 70-84 | C: 55-69 | D: 40-54 | F: 0-39"
},
"assessmentMetadata": {
"completeness": 100,
"categoriesChecked": 13,
"categoriesAssessed": [
"dnssec",
"caa",
"dane",
"registryLock",
"infrastructure",
"authentication",
"monitoring",
"privacy",
"abusePrevention",
"operational",
"thirdPartyRisk"
]
}
}
}
}DNS Security Health Check
Comprehensive DNS security assessment with enhanced grading. Evaluates DNSSEC, DANE, CAA records, privacy settings, operational security, and more. Includes domain classification, weighted security scoring, detailed subscores, and context-aware recommendations.
curl --request POST \
--url https://app.spotzee.com/api/ext/generic/dns/dns-health-check \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data domain=example.com{
"status": "success",
"data": {
"dataCompleteness": {
"percentage": 100,
"missingChecks": [],
"failureReason": null
},
"dnssec": {
"score": 0,
"maxScore": 25,
"isEnabled": {
"result": false,
"points": 0
},
"hasValidChain": {
"result": false,
"points": 0
},
"hasNSEC3": {
"result": false,
"points": 0,
"value": {
"algorithm": "",
"iterations": 0,
"saltLength": 0
}
},
"keyAlgorithm": {
"value": "",
"points": 0
},
"info": [
"DNSSEC is not enabled for this domain"
],
"warnings": []
},
"dane": {
"score": 0,
"maxScore": 0,
"tlsaRecords": {
"result": false,
"points": 0,
"value": []
},
"emailTLSA": {
"result": false,
"points": 0,
"value": []
}
},
"caa": {
"score": 15,
"maxScore": 15,
"isExists": {
"result": true,
"points": 5
},
"records": [
{
"name": "example.com",
"type": 257,
"TTL": 300,
"data": "0 issue \"letsencrypt.org\""
}
],
"analysis": {
"hasIssueTag": true,
"hasIssuewildTag": false,
"hasIncidentReporting": true,
"isRestrictive": true,
"authorizedCAs": [
"letsencrypt.org"
],
"totalRecords": 1
}
},
"registryLock": {
"score": 0,
"maxScore": 20,
"isLocked": {
"result": false,
"points": 0,
"statuses": []
},
"domainAge": {
"days": 8765,
"displayAge": "24 years"
},
"clientLocks": {
"active": [
"clientTransferProhibited"
],
"protections": {
"transferProtection": true,
"updateProtection": false,
"deleteProtection": false,
"domainHold": false
},
"summary": "Registrar protections: transfer protection"
}
},
"infrastructure": {
"score": 65,
"maxScore": 70,
"anycast": {
"result": true,
"points": 20,
"value": {
"confidence": {
"score": 420,
"level": "confirmed"
},
"provider": {
"id": "cloudflare",
"name": "Cloudflare",
"confidence": "confirmed"
},
"detectionMethods": [
"hostname-regex",
"ip-cidr"
],
"nameservers": [],
"mixedDeployment": false
}
},
"providerDiversity": {
"result": false,
"points": 0,
"value": {}
},
"ipv6Support": {
"result": true,
"points": 12,
"value": {}
},
"performance": {
"result": true,
"points": 14,
"value": {}
},
"ddosProtection": {
"result": true,
"points": 19,
"value": {}
}
},
"authentication": {
"score": 16,
"maxScore": 22,
"zoneTransferRestricted": {
"result": true,
"points": 11
},
"queryPortRandomization": {
"result": true,
"points": 8
},
"openResolver": {
"result": false,
"isProblematic": false,
"points": 5
},
"dnsSoftware": {
"result": true,
"points": 4.25
}
},
"monitoring": {
"score": 33,
"maxScore": 55,
"anomalyDetection": {
"result": true,
"points": 18,
"value": {}
},
"changeMonitoring": {
"result": true,
"points": 8,
"value": {}
},
"responseTimeConsistency": {
"result": true,
"points": 7,
"value": {}
},
"incidentHistory": {
"result": true,
"points": 0,
"value": {}
}
},
"privacy": {
"score": 10,
"maxScore": 15,
"queryLogging": {
"result": true,
"points": 8
},
"dnsFirewall": {
"result": true,
"points": 10
},
"dnsExposureAssessment": {
"result": true,
"points": 16
}
},
"abusePrevention": {
"score": 32,
"maxScore": 35,
"subdomainTakeover": {
"result": true,
"isProblematic": false,
"points": 20
},
"dnsTunneling": {
"result": false,
"points": 12
},
"sinkholing": {
"result": false,
"points": 0
}
},
"operational": {
"score": 20,
"maxScore": 30,
"ttlConfiguration": {
"result": true,
"points": 8,
"score": 8
},
"certificateTransparency": {
"result": false,
"points": 0,
"value": {}
},
"emailAuthentication": {
"score": 12,
"maxScore": 15,
"spf": {},
"dmarc": {},
"dkim": {}
}
},
"thirdPartyRisk": {
"score": 20,
"maxScore": 20,
"providerSecurity": {
"result": true,
"points": 20
},
"geographicRisk": {
"result": false,
"points": 0
}
},
"grading": {
"grade": "B",
"gradeDescription": "Good - Meets industry security standards with solid fundamentals",
"score": 71,
"recommendations": [
"Enable DNSSEC for authentication and integrity",
"Implement registry lock for domain protection"
],
"methodology": {
"scoringMethod": "Simple weighted average scoring",
"gradeScale": "A: 85-100 | B: 70-84 | C: 55-69 | D: 40-54 | F: 0-39"
},
"assessmentMetadata": {
"completeness": 100,
"categoriesChecked": 13,
"categoriesAssessed": [
"dnssec",
"caa",
"dane",
"registryLock",
"infrastructure",
"authentication",
"monitoring",
"privacy",
"abusePrevention",
"operational",
"thirdPartyRisk"
]
}
}
}
}Authorizations
Bearer token authentication. Use format: Bearer YOUR_API_KEY
Body
Response
DNS health check completed successfully. Enhanced grading is included only when requested and applicable.
success Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
Domain that was assessed
"example.com"
Unique assessment identifier
Assessment timestamp (ISO 8601)
Total assessment time in milliseconds
Comprehensive security grading with enterprise-grade features
Hide child attributes
Hide child attributes
Overall security grade with industry-aligned scoring
Hide child attributes
Hide child attributes
Letter grade using industry-standard boundaries
A, B, C, D, F Numeric score (0-100)
0 <= x <= 100Grade description (e.g., "Excellent - Exceeds industry standards")
Hide child attributes
Hide child attributes
weighted_geometric_mean, arithmetic_mean Context-aware description tailored to domain type and classification
{
"letter": "B",
"numeric": 82,
"descriptor": "Good - Meets industry security standards",
"threshold": {
"min": 80,
"max": 89,
"industry": "Industry Standard",
"methodology": "weighted_geometric_mean"
},
"contextualDescription": "Strong security posture meeting most enterprise requirements with minor optimization opportunities."
}Multi-factor domain classification with confidence scoring
Hide child attributes
Hide child attributes
Domain classification based on multi-factor analysis
enterprise, smb, personal, unknown Hide child attributes
Hide child attributes
Confidence score (0-1)
0 <= x <= 1high, medium, low, very_low Factors supporting the classification
Factors that reduce classification confidence
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
enterprise, managed, basic, unknown tier1, tier2, tier3, unknown 0 <= x <= 100 <= x <= 100 <= x <= 10Hide child attributes
Hide child attributes
comprehensive, basic, none automated, manual, basic, unknown 0 <= x <= 150 <= x <= 10Hide child attributes
Hide child attributes
0 <= x <= 10enterprise, standard, budget, unknown multi_year, annual, unknown 0 <= x <= 10Hide child attributes
Hide child attributes
x >= 0high, medium, low 0 <= x <= 10Hide child attributes
Hide child attributes
0 <= x <= 10Hide child attributes
Hide child attributes
Applicable compliance frameworks (GDPR, HIPAA, SOX, etc.)
critical, high, medium, low mission_critical, business_critical, standard, low {
"type": "enterprise",
"confidence": {
"score": 0.85,
"level": "high",
"reasoning": [
"DNSSEC enabled with comprehensive implementation",
"Registry lock protection active"
],
"uncertaintyFactors": ["Limited subdomain enumeration data"]
},
"factors": {
"dnsInfrastructure": {
"providerType": "enterprise",
"providerTier": "tier1",
"infrastructureComplexity": 8,
"geographicDiversity": 7,
"anycastDeployment": true,
"score": 8.5
},
"securityPosture": {
"dnssecImplementation": "comprehensive",
"certificateManagement": "automated",
"securityControls": 12,
"advancedFeatures": ["DNSSEC", "Registry Lock", "CAA", "DMARC"],
"score": 9
},
"domainCharacteristics": {
"age": 8,
"registrarTier": "enterprise",
"renewalPattern": "multi_year",
"whoisPrivacy": true,
"score": 7.5
},
"subdomainPatterns": {
"count": 15,
"businessIndicators": ["api", "admin", "staging"],
"serviceIndicators": ["mail", "vpn"],
"complexity": "high",
"score": 7
},
"technologyStack": {
"emailServices": ["SPF", "DKIM", "DMARC"],
"webServices": ["CDN"],
"cloudProviders": ["AWS Route53"],
"businessTools": ["Certificate Management", "DDoS Protection"],
"score": 8
}
},
"context": {
"industry": "Technology",
"region": "Global",
"complianceRequirements": ["SOX", "GDPR"],
"riskProfile": "high",
"businessCriticality": "mission_critical"
}
}Weighted Geometric Mean scoring results with critical failure detection
Hide child attributes
Hide child attributes
0 <= x <= 100Scoring methodology used to prevent critical failure masking
weighted_geometric_mean Severity-based category weights (sum = 1.0)
Hide child attributes
Hide child attributes
Weight: 0.22 (highest)
Weight: 0.18
Weight: 0.16
Weight: 0.15
Weight: 0.13
Weight: 0.12
Weight: 0.12 (lowest)
Normalized scores (0-1) used in WGM calculation
Hide child attributes
Hide child attributes
0 <= x <= 10 <= x <= 10 <= x <= 10 <= x <= 10 <= x <= 10 <= x <= 10 <= x <= 1Hide child attributes
Hide child attributes
critical Hide child attributes
Hide child attributes
severe, critical severe, critical True if WGM prevents this failure from being masked by high scores elsewhere
Hide child attributes
Hide child attributes
Score before weighting
Score after category weighting
Penalties for critical failures
Bonuses for excellence
{
"finalScore": 82.5,
"methodology": "weighted_geometric_mean",
"categoryWeights": {
"infrastructureSecurity": 0.22,
"privacy": 0.18,
"abusePrevention": 0.16,
"operationalSecurity": 0.15,
"authentication": 0.13,
"thirdPartyRisk": 0.12,
"registry": 0.12
},
"normalizedScores": {
"infrastructureSecurity": 0.85,
"privacy": 0.75,
"abusePrevention": 0.8,
"operationalSecurity": 0.9,
"authentication": 0.65,
"thirdPartyRisk": 0.85,
"registry": 0.7
},
"criticalFailures": [],
"hasCriticalFailures": false,
"components": {
"baseScore": 85,
"weightedScore": 82.5,
"penaltyAdjustments": 0,
"bonusAdjustments": 2.5
}
}Comprehensive issue analysis with prioritized remediation plan
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
x >= 0Hide child attributes
Hide child attributes
x >= 0x >= 0x >= 0x >= 0Overall risk score (0-10, higher = more risk)
0 <= x <= 10Recommended response urgency based on issue severity
immediate, urgent, scheduled, planned Hide child attributes
Hide child attributes
Unique issue identifier
Issue severity level based on security impact and business risk
critical, high, medium, low Security category (e.g., infrastructureSecurity)
Human-readable issue title
Detailed issue description
Hide child attributes
Hide child attributes
severe, major, moderate, minor Issue severity level based on security impact and business risk
critical, high, medium, low high, medium, low, none high, medium, low, none high, medium, low, none Affected compliance frameworks
Likelihood of the issue being exploited
high, medium, low Combined risk score (impact × likelihood)
0 <= x <= 10System components affected by this issue
How the issue was detected (e.g., "Direct DNS Analysis")
Hide child attributes
Hide child attributes
0 <= x <= 100very_high, high, medium, low, very_low Hide child attributes
Hide child attributes
positive, negative 0 <= x <= 1{
"overall": 85,
"level": "high",
"factors": [
{
"factor": "Direct DNS Measurement",
"impact": "positive",
"weight": 0.8,
"description": "Real-time DNS queries provide high confidence"
}
],
"limitations": ["Some assessments based on inference"]
}Specific subcategory if applicable
Technical details specific to the issue type
Hide child attributes
Hide child attributes
Unique issue identifier
Issue severity level based on security impact and business risk
critical, high, medium, low Security category (e.g., infrastructureSecurity)
Human-readable issue title
Detailed issue description
Hide child attributes
Hide child attributes
severe, major, moderate, minor Issue severity level based on security impact and business risk
critical, high, medium, low high, medium, low, none high, medium, low, none high, medium, low, none Affected compliance frameworks
Likelihood of the issue being exploited
high, medium, low Combined risk score (impact × likelihood)
0 <= x <= 10System components affected by this issue
How the issue was detected (e.g., "Direct DNS Analysis")
Hide child attributes
Hide child attributes
0 <= x <= 100very_high, high, medium, low, very_low Hide child attributes
Hide child attributes
positive, negative 0 <= x <= 1{
"overall": 85,
"level": "high",
"factors": [
{
"factor": "Direct DNS Measurement",
"impact": "positive",
"weight": 0.8,
"description": "Real-time DNS queries provide high confidence"
}
],
"limitations": ["Some assessments based on inference"]
}Specific subcategory if applicable
Technical details specific to the issue type
Hide child attributes
Hide child attributes
Unique issue identifier
Issue severity level based on security impact and business risk
critical, high, medium, low Security category (e.g., infrastructureSecurity)
Human-readable issue title
Detailed issue description
Hide child attributes
Hide child attributes
severe, major, moderate, minor Issue severity level based on security impact and business risk
critical, high, medium, low high, medium, low, none high, medium, low, none high, medium, low, none Affected compliance frameworks
Likelihood of the issue being exploited
high, medium, low Combined risk score (impact × likelihood)
0 <= x <= 10System components affected by this issue
How the issue was detected (e.g., "Direct DNS Analysis")
Hide child attributes
Hide child attributes
0 <= x <= 100very_high, high, medium, low, very_low Hide child attributes
Hide child attributes
positive, negative 0 <= x <= 1{
"overall": 85,
"level": "high",
"factors": [
{
"factor": "Direct DNS Measurement",
"impact": "positive",
"weight": 0.8,
"description": "Real-time DNS queries provide high confidence"
}
],
"limitations": ["Some assessments based on inference"]
}Specific subcategory if applicable
Technical details specific to the issue type
Hide child attributes
Hide child attributes
Unique issue identifier
Issue severity level based on security impact and business risk
critical, high, medium, low Security category (e.g., infrastructureSecurity)
Human-readable issue title
Detailed issue description
Hide child attributes
Hide child attributes
severe, major, moderate, minor Issue severity level based on security impact and business risk
critical, high, medium, low high, medium, low, none high, medium, low, none high, medium, low, none Affected compliance frameworks
Likelihood of the issue being exploited
high, medium, low Combined risk score (impact × likelihood)
0 <= x <= 10System components affected by this issue
How the issue was detected (e.g., "Direct DNS Analysis")
Hide child attributes
Hide child attributes
0 <= x <= 100very_high, high, medium, low, very_low Hide child attributes
Hide child attributes
positive, negative 0 <= x <= 1{
"overall": 85,
"level": "high",
"factors": [
{
"factor": "Direct DNS Measurement",
"impact": "positive",
"weight": 0.8,
"description": "Real-time DNS queries provide high confidence"
}
],
"limitations": ["Some assessments based on inference"]
}Specific subcategory if applicable
Technical details specific to the issue type
Hide child attributes
Hide child attributes
1 = highest priority
x >= 1Issues addressed by this action
Recommended action
low, medium, high immediate, week, month, quarter high, medium, low Required resources or expertise
{
"summary": {
"totalIssues": 3,
"severityDistribution": {
"critical": 1,
"high": 1,
"medium": 1,
"low": 0
},
"categoryDistribution": {
"infrastructureSecurity": 2,
"operationalSecurity": 1
},
"riskScore": 7.2,
"urgencyLevel": "immediate"
},
"criticalIssues": [],
"highIssues": [],
"mediumIssues": [],
"lowIssues": [],
"prioritizedActions": [
{
"priority": 1,
"issueIds": ["infra-critical-001"],
"action": "Implement DNSSEC protection",
"effort": "medium",
"timeframe": "immediate",
"expectedImpact": "high",
"prerequisites": ["DNS provider DNSSEC support"],
"resources": ["DNS administrator", "Security team"]
}
]
}Comprehensive recommendations organized by timeframe and context
Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
critical, high, medium, low Hide child attributes
Hide child attributes
Why this recommendation is important
Hide child attributes
Hide child attributes
Step-by-step implementation guide
Recommended tools
Reference documentation
How to verify successful implementation
Hide child attributes
Hide child attributes
Expected security improvement (0-10 scale)
0 <= x <= 10Expected impact on overall grade
Expected risk reduction percentage
0 <= x <= 100Hide child attributes
Hide child attributes
low, medium, high, very_high low, medium, high, very_high Hide child attributes
Hide child attributes
critical, high, medium, low Hide child attributes
Hide child attributes
Why this recommendation is important
Hide child attributes
Hide child attributes
Step-by-step implementation guide
Recommended tools
Reference documentation
How to verify successful implementation
Hide child attributes
Hide child attributes
Expected security improvement (0-10 scale)
0 <= x <= 10Expected impact on overall grade
Expected risk reduction percentage
0 <= x <= 100Hide child attributes
Hide child attributes
low, medium, high, very_high low, medium, high, very_high Hide child attributes
Hide child attributes
critical, high, medium, low Hide child attributes
Hide child attributes
Why this recommendation is important
Hide child attributes
Hide child attributes
Step-by-step implementation guide
Recommended tools
Reference documentation
How to verify successful implementation
Hide child attributes
Hide child attributes
Expected security improvement (0-10 scale)
0 <= x <= 10Expected impact on overall grade
Expected risk reduction percentage
0 <= x <= 100Hide child attributes
Hide child attributes
low, medium, high, very_high low, medium, high, very_high Hide child attributes
Hide child attributes
critical, high, medium, low Hide child attributes
Hide child attributes
Why this recommendation is important
Hide child attributes
Hide child attributes
Step-by-step implementation guide
Recommended tools
Reference documentation
How to verify successful implementation
Hide child attributes
Hide child attributes
Expected security improvement (0-10 scale)
0 <= x <= 10Expected impact on overall grade
Expected risk reduction percentage
0 <= x <= 100Hide child attributes
Hide child attributes
low, medium, high, very_high low, medium, high, very_high Hide child attributes
Hide child attributes
Why this recommendation is important
Hide child attributes
Hide child attributes
Step-by-step implementation guide
Recommended tools
Reference documentation
How to verify successful implementation
Hide child attributes
Hide child attributes
Expected security improvement (0-10 scale)
0 <= x <= 10Expected impact on overall grade
Expected risk reduction percentage
0 <= x <= 100Hide child attributes
Hide child attributes
low, medium, high, very_high low, medium, high, very_high {
"immediate": {
"timeframe": "Immediate (within 24-48 hours)",
"priority": "critical",
"recommendations": [],
"estimatedEffort": "2-5 days total",
"expectedImpact": "Addresses critical security vulnerabilities"
},
"shortTerm": {
"timeframe": "Short-term (1-4 weeks)",
"priority": "high",
"recommendations": [],
"estimatedEffort": "4-8 weeks total",
"expectedImpact": "Improves overall security posture"
},
"longTerm": {
"timeframe": "Long-term (1-6 months)",
"priority": "medium",
"recommendations": [],
"estimatedEffort": "3-6 months total",
"expectedImpact": "Implements advanced security features"
},
"strategic": {
"timeframe": "Strategic (6+ months)",
"priority": "low",
"recommendations": [],
"estimatedEffort": "6-18 months total",
"expectedImpact": "Establishes enterprise-grade security program"
},
"contextual": []
}Comprehensive audit trail for compliance and defensibility
Hide child attributes
Hide child attributes
Unique assessment identifier
ISO 8601 timestamp
Security grading system version
Hide child attributes
Hide child attributes
Referenced standards (ISO 27001, NIST, etc.)
security_grading_v1 weighted_geometric_mean Hide child attributes
Hide child attributes
Hide child attributes
Hide child attributes
0 <= x <= 100Hide child attributes
Hide child attributes
0 <= x <= 100very_high, high, medium, low, very_low Hide child attributes
Hide child attributes
positive, negative 0 <= x <= 1{
"overall": 85,
"level": "high",
"factors": [
{
"factor": "Direct DNS Measurement",
"impact": "positive",
"weight": 0.8,
"description": "Real-time DNS queries provide high confidence"
}
],
"limitations": ["Some assessments based on inference"]
}Hide child attributes
Hide child attributes
{
"assessmentId": "dns-sec-1703875200-abc123def",
"timestamp": "2024-01-01T12:00:00Z",
"version": "1.0.0",
"methodology": {
"name": "DNS Security Grading System",
"version": "1.0",
"standards": ["ISO 27001", "NIST Cybersecurity Framework"],
"framework": "security_grading_v1",
"scoringMethod": "weighted_geometric_mean",
"weights": {
"infrastructureSecurity": 0.22,
"privacy": 0.18,
"abusePrevention": 0.16,
"operationalSecurity": 0.15,
"authentication": 0.13,
"thirdPartyRisk": 0.12,
"registry": 0.12
},
"thresholds": {
"gradeA": 90,
"gradeB": 80,
"gradeC": 70,
"gradeD": 60,
"gradeF": 0
}
},
"dataSource": {
"dnsQueries": 45,
"externalAPIs": ["DNS-over-HTTPS", "WHOIS"],
"inferenceMethods": ["Provider Pattern Analysis"],
"cacheUtilization": 75,
"dataFreshness": "Real-time",
"reliability": {
"overall": 85,
"level": "high",
"factors": [],
"limitations": []
}
},
"assessmentScope": {
"domain": "example.com",
"subdomainsChecked": 0,
"categoriesAssessed": ["Infrastructure Security", "Privacy"],
"checksPerformed": 15,
"checksSkipped": 0,
"reasonsSkipped": []
},
"limitations": [
"Assessment based on DNS-level analysis only"
],
"assumptions": [
"Provider capabilities based on published specs"
],
"references": ["RFC 4033-4035 (DNSSEC)"]
}Hide child attributes
Hide child attributes
Total assessment time in milliseconds
0 <= x <= 1000 <= x <= 1000 <= x <= 100Was this page helpful?