Free tool · DNS & domain
DNS / email infrastructure map
Visualise your nameservers, mail exchangers, SPF includes, DKIM selectors, DMARC and MTA-STS in one diagram. Each hop is classified by provider so you can spot supply-chain risk (e.g. MX on Google but DMARC reporting at a third-party) in a single glance.
Frequently asked questions
What does the map actually show?
Every external dependency in your DNS and email setup, drawn as a graph. Your apex sits in the centre; nameservers, mail exchangers, SPF includes (recursively expanded), DKIM selectors, DMARC reporting endpoints, and MTA-STS policy hosts each get their own node. Each node is labelled with the provider we identified (Cloudflare, Google, Mailgun, etc.).
Why is this useful?
Supply-chain risk in email is invisible until it bites you. Seeing every hop in one diagram surfaces the cases that matter: an MX on Google with no Google in your SPF, a DMARC reporting endpoint at a company you forgot you use, an SPF include for a vendor you stopped using two years ago.
Are dependencies sorted by risk?
Not in this free version - we surface them all. Wiredepth Pro continuously maps your dependencies and alerts on changes (new NS appeared, MX shifted to a new provider, SPF include added or removed).
Why is my DKIM list empty?
We probe a fixed set of common selectors (default, google, selector1/2, mail, etc). Custom DKIM selectors are invisible to the probe - this does not mean DKIM is not configured. For a full audit run the email forensics tool against an actual email from this domain.
Does this work for non-mail domains?
Yes - non-mail domains will show NS only, with empty MX / SPF / DKIM / MTA-STS sections. The graph is still a useful inventory of the DNS provider chain.