domain & email security
See what an attacker sees.
Type a domain and press Scan. RECON reads the target's public DNS and email-authentication records — the spoofing and exposure surface any outsider can see — and grades it.
Reads only public DNS and email-auth records (SPF, DKIM, DMARC, MTA-STS, DNSSEC, CAA…). Nothing is sent to the target.
Try a domain to get started — e.g. github.com, stripe.com, irs.gov.