fidelity.com

Checked 5/14/2026, 11:59:40 PM · 447ms

Some critical hardenings missing.

Warnings

DNSSEC is not configured. Domain is exposed to DNS spoofing and cache poisoning.
No CAA records found. Any CA in the world can issue certificates for this domain.

Domain registration

107d to expiry

Registrar: CSC Corporate Domains, Inc.
Registered: Aug 31, 1996
Expires: Aug 30, 2026
Status: client transfer prohibited, server delete prohibited, server transfer prohibited, server update prohibited

DNSSEC

not enabled

DS record: absent
AD bit: unset
Resolver: 1.1.1.1 (Cloudflare)

CAA records (0)

No CAA records published. Any CA can issue certs for this domain.

Nameservers (5)

udns1.cscdns.net
a8-64.akam.net
udns2.cscdns.uk
a1-188.akam.net
a2-65.akam.net

Mail servers (MX)

fidelity-com.mail.protection.outlook.compriority 0

Blacklist status

clean across 6

checked IP: 52.101.9.12 (MX fidelity-com.mail.protection.outlook.com), 52.101.11.2 (MX fidelity-com.mail.protection.outlook.com), 40.93.192.4 (MX fidelity-com.mail.protection.outlook.com), 52.101.10.2 (MX fidelity-com.mail.protection.outlook.com)

✓ SpamCop
✓ Barracuda
✓ UCEPROTECT-1
✓ PSBL
✓ Mailspike
✓ 0spam

Threat-intel reputation

clean

Domain intel on fidelity.com

✓ Malware / phishing intel: clean

Domain is not on any malware-distribution feed we track.

✓ Active threat intel: clean

No active C2 / botnet IOCs against this domain.

Registered 1996-08-31 - established

Established domains rarely host phishing infrastructure.

Recommendations

Enable DNSSEC in your registrar and have your DNS provider sign the zone.
Publish CAA records to restrict cert issuance, e.g. `0 issue "letsencrypt.org"`.

Auto-fix: lock down certificate issuance with CAA

for fidelity.com

Let's Encrypt is the most common free CA. If you also use a paid CA (Sectigo, DigiCert, etc.), add additional `0 issue "<ca-host>"` records for each.

Type: CAA
Name: @
Value: 0 issue "letsencrypt.org"
TTL: Auto

Authorise wildcard cert issuance. Drop this record if you never need wildcard certs.

Type: CAA
Name: @
Value: 0 issuewild "letsencrypt.org"
TTL: Auto

Where to send incident reports if a CA detects an unauthorised issuance attempt. Point at a real mailbox.

Type: CAA
Name: @
Value: 0 iodef "mailto:[email protected]"
TTL: Auto

DNS → Records → Add record. Pick the type, paste Name and Content as shown below.
Set Proxy status to "DNS only" (grey cloud) for TXT / CAA records. TTL: Auto.

AI-assisted remediation

Want a tailored fix plan in plain English?

Wiredepth Pro sends this report to our AI engine and streams back a 30-day rollout plan tailored to fidelity.com, with provider-specific tips when we can infer them from the data. 10 playbooks per month on Pro, 100 on MSP.

ProSee Pro plans→

Check another domain

Or share this URL with the team that owns the records.