cvs.com

Checked 5/14/2026, 11:58:42 PM · 7190ms

Major issues found. Domain is exposed.

Warnings

DNSSEC is not configured. Domain is exposed to DNS spoofing and cache poisoning.
No CAA records found. Any CA in the world can issue certificates for this domain.
Could not verify registration expiry via RDAP: This operation was aborted

Domain registration

This operation was aborted

DNSSEC

not enabled

DS record: absent
AD bit: unset
Resolver: 1.1.1.1 (Cloudflare)

CAA records (0)

No CAA records published. Any CA can issue certs for this domain.

Nameservers (6)

a7-64.akam.net
a8-65.akam.net
a13-65.akam.net
a14-66.akam.net
a18-67.akam.net
a1-84.akam.net

Mail servers (MX)

usb-smtp-inbound-2.mimecast.compriority 10
usb-smtp-inbound-1.mimecast.compriority 10

Blacklist status

clean across 6

checked IP: 170.10.152.242 (MX usb-smtp-inbound-2.mimecast.com), 170.10.150.242 (MX usb-smtp-inbound-2.mimecast.com)

✓ SpamCop
✓ Barracuda
✓ UCEPROTECT-1
✓ PSBL
✓ Mailspike
✓ 0spam

Threat-intel reputation

clean

Domain intel on cvs.com

✓ Malware / phishing intel: clean

Domain is not on any malware-distribution feed we track.

✓ Active threat intel: clean

No active C2 / botnet IOCs against this domain.

Registered 1996-01-30 - established

Established domains rarely host phishing infrastructure.

Recommendations

Enable DNSSEC in your registrar and have your DNS provider sign the zone.
Publish CAA records to restrict cert issuance, e.g. `0 issue "letsencrypt.org"`.

Auto-fix: lock down certificate issuance with CAA

for cvs.com

Let's Encrypt is the most common free CA. If you also use a paid CA (Sectigo, DigiCert, etc.), add additional `0 issue "<ca-host>"` records for each.

Type: CAA
Name: @
Value: 0 issue "letsencrypt.org"
TTL: Auto

Authorise wildcard cert issuance. Drop this record if you never need wildcard certs.

Type: CAA
Name: @
Value: 0 issuewild "letsencrypt.org"
TTL: Auto

Where to send incident reports if a CA detects an unauthorised issuance attempt. Point at a real mailbox.

Type: CAA
Name: @
Value: 0 iodef "mailto:[email protected]"
TTL: Auto

DNS → Records → Add record. Pick the type, paste Name and Content as shown below.
Set Proxy status to "DNS only" (grey cloud) for TXT / CAA records. TTL: Auto.

AI-assisted remediation

Want a tailored fix plan in plain English?

Wiredepth Pro sends this report to our AI engine and streams back a 30-day rollout plan tailored to cvs.com, with provider-specific tips when we can infer them from the data. 10 playbooks per month on Pro, 100 on MSP.

ProSee Pro plans→

Check another domain

Or share this URL with the team that owns the records.