DNS and email security monitoring
A domain can have a valid certificate and still be vulnerable to spoofing or operational mistakes in DNS. This module turns DNS and email posture into tracked evidence with findings your team can prioritize.
Operational outcomes
DNS & Email
- Detect DNS drift across records that affect delivery, trust and ownership.
- Evaluate SPF, DKIM, DMARC, MTA-STS and TLS-RPT posture for monitored domains.
- Use DMARC RUA ingest on Business plans to understand real mail authentication results.
- Require domain verification before deeper checks, keeping scans tied to authorized assets.
Core capabilities
How the module works
Verify ownership
Publish a DNS TXT record or HTTP file challenge so LuminaKite can trust that the organization controls the domain.
Collect DNS and email evidence
Scheduled jobs gather DNS records and evaluate mail authentication policies.
Detect changes and gaps
The module compares snapshots, posture summaries and DMARC evidence against expected configuration.
Open actionable findings
Weak policies, missing records and risky changes become findings that can be triaged with the rest of the security queue.
Signals and evidence
Common use cases
Improve anti-spoofing posture
Move domains from missing or weak DMARC policies toward enforceable controls with visibility into gaps.
Catch risky DNS changes
Detect when a critical DNS record changes unexpectedly after a deployment, registrar update or vendor migration.
Review email authentication at scale
Give security and platform teams one view of SPF, DKIM and DMARC status across monitored domains.
Frequently asked questions
Why does this module require domain verification?
Verification proves ownership before deeper DNS and email evaluations run, which keeps the checks aligned with authorized assets.
Does LuminaKite send email from my domains?
No. The module evaluates public DNS and optional DMARC reports. It does not send mail on behalf of the domain.
Can it show DNS changes over time?
Yes. DNS snapshots and diffs are part of the module, making it easier to investigate when a record changed.
Is DMARC report ingest available on every plan?
DMARC RUA ingest is designed for Business plans because it adds ongoing reporting volume and workflow requirements.