Sudory Academy
Understand every check
Plain-English explanations of the DNS, email, and HTTP settings Sudory scans for. What each one does, why it matters, and how Sudory decides pass, warn, or fail.
Email authentication
The three records that stop attackers from sending email as you: SPF, DKIM, DMARC. Together they make forgery unprofitable.
SPF →
Lists which servers are allowed to send email as your domain.
DKIM →
Cryptographically signs your mail so receivers can prove it's authentic.
DMARC →
Tells receivers what to do when SPF or DKIM fails: monitor, quarantine, or reject.
MTA-STS →
Forces TLS on inbound SMTP connections. Prevents downgrade attacks on email in transit.
BIMI →
Puts your verified logo next to authenticated email in Gmail, Yahoo, and Apple Mail.
DNS records
The foundational DNS records: A, AAAA, MX, NS, CAA. What they do, what Sudory checks, and what provider signals they reveal.
DNS security
Cryptographic protection for the DNS layer itself: DNSSEC and DANE. Useful for email providers and high-assurance domains.
TLS and HTTPS
Certificate validity, protocol versions, and redirect hygiene. The basics every site needs to get right.
HTTP security headers
Headers your server sends on every response: HSTS, CSP, X-Frame-Options, and the rest. They control what browsers allow.
HSTS →
Tells browsers to always use HTTPS.
Content Security Policy →
Restricts what scripts and resources can load.
X-Frame-Options →
Prevents clickjacking via iframes.
X-Content-Type-Options →
Stops MIME sniffing attacks.
Referrer-Policy →
Controls what URL data leaks to linked sites.
Permissions-Policy →
Controls which browser features your site can use.
Cookie flags →
The three flags every cookie needs: Secure, HttpOnly, and SameSite.
See what your domain looks like
Every article links back to the scanner. Run a scan, compare your results against the academy, and see exactly where you stand.