← Back to search

Free DNS & Email Security Scanner | NIST-Aligned | BlackVeil Security

blackveilsecurity.com

See what attackers see. Free AI-powered scanner checks your DNS, SPF, DMARC, DKIM, and infrastructure in 60 seconds. Scoring aligned with NIST SP 800-81r3. Plain-language results with clear next steps.

90
Agent Ready
Agentic Readiness Score
developer openapiapiai-friendlyemailsecurityllms-txtai-plugin

Agentic Signals

📄
llms.txt ↗
Found
🤖
ai-plugin.json ↗
Found
📖
OpenAPI Spec
Found
🔗
Structured API
Found
🛡
AI Bot Access (robots.txt) ↗
Allowed
🏷
Schema.org Markup
Found
MCP Server
Not found

Embed this badge

Show off your agentic readiness — the badge auto-updates when your score changes.

Agentic Ready 90/100 

            

        

        

        
        

            
llms.txt Content

            
# BlackVeil Security

> DNS security scanning, email authentication analysis, and threat detection API. Free to use — no API key required for basic scans.

## What BlackVeil Does

BlackVeil scans domains for 55 security checks across 4 categories:
- Email Security: SPF, DMARC, DKIM, DNSBL, MTA-STS, TLS-RPT, BIMI
- Domain & Web Security: SSL/TLS, DNSSEC, HTTP security headers, HSTS, CAA
- Infrastructure: MX records, A/AAAA records, zone hygiene
- Visibility & Exposure: Attacker surface, admin panel exposure, sensitive files, AI agent exposure

Returns a 0-100 security score with threat level (secure/low/medium/high/critical) and actionable remediation guidance per check.

## Quick Start (No Auth Required)

Check any domain's DNS security (one check type at a time):

  GET https://www.blackveilsecurity.com/api/dns/check?domain=example.com&type=SPF

Available types: SPF, DMARC, DKIM, SSL, DNSSEC, HTTP_HEADERS, MTA_STS, CAA, DNSBL, MX, SUBDOMAIN_TAKEOVER

Response:

  {
    "checkType": "SPF",
    "status": "pass",
    "score": 80,
    "valid": true,
    "exists": true,
    "details": "SPF strong (-all, 1/10 lookups)",
    "records": ["v=spf1 include:_spf.google.com -all"],
    "timestamp": 1773859716847
  }

For a full 55-check scan, use the MCP server: npx blackveil-dns (tool: scan_domain)

Rate limit: 10 requests/hour unauthenticated. Check X-RateLimit-Remaining header.

## MCP Server

BlackVeil is available as an MCP server for AI agents:
- Package: blackveil-dns (npm install blackveil-dns)
- Tools (41): scan_domain, check_spf, check_dmarc, check_dkim, check_ssl, check_dnssec, check_http_security, check_mx, check_mta_sts, check_dane, check_dane_https, check_bimi, check_tlsrpt, check_ns, check_caa, check_svcb_https, check_mx_reputation, check_lookalikes, check_shadow_domains, check_txt_hygiene, check_zone_hygiene, check_srv, check_resolver_consistency, assess_spoofability, map_supply_chain, resolve_spf_chain, discover_subdomains, map_compliance, simulate_attack_pat

        

        

        
        

            
OpenAPI Spec (preview)

            
openapi: 3.0.3
info:
  title: BlackVeil Security API
  description: |
    REST API for BlackVeil Security DNS security scanning and monitoring platform.

    ## Authentication
    All authenticated endpoints require a Bearer token in the Authorization header:
    ```
    Authorization: Bearer bv_live_xxxxxxxxxxxxxxxxxxxxxxxx
    ```

    Create API keys from your Dashboard > API Keys page.

    ## Rate Limits
    Rate limits vary by plan. Check response headers for current limits:
    - `X-RateL