LúminaKite
Domain trust

DNS and email security monitoring

A domain can have a valid certificate and still be vulnerable to spoofing or operational mistakes in DNS. This module turns DNS and email posture into tracked evidence with findings your team can prioritize.

Operational outcomes

DNS & Email

  • Detect DNS drift across records that affect delivery, trust and ownership.
  • Evaluate SPF, DKIM, DMARC, MTA-STS and TLS-RPT posture for monitored domains.
  • Use DMARC RUA ingest on Business plans to understand real mail authentication results.
  • Require domain verification before deeper checks, keeping scans tied to authorized assets.

Core capabilities

DNS snapshots

Capture DNS records over time and compare changes that can affect routing, certificate issuance and mail authentication.

DNS diffing

Highlight additions, removals and value changes so teams can separate planned changes from drift.

Email posture checks

Assess SPF, DKIM, DMARC, MTA-STS and TLS-RPT configuration for each monitored domain.

DMARC aggregate ingest

Business workspaces can ingest DMARC RUA XML reports through a tokenized endpoint to enrich posture with real authentication results.

Finding operations

Findings are summarized and routed with severity so owners can fix weak or missing controls.

How the module works

1. Verify ownership

Publish a DNS TXT record or HTTP file challenge so LuminaKite can trust that the organization controls the domain.

2. Collect DNS and email evidence

Scheduled jobs gather DNS records and evaluate mail authentication policies.

3. Detect changes and gaps

The module compares snapshots, posture summaries and DMARC evidence against expected configuration.

4. Open actionable findings

Weak policies, missing records and risky changes become findings that can be triaged with the rest of the security queue.
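
The compare-and-evaluate steps above, shown as an added Python example that is not LuminaKite's implementation: it diffs two DNS snapshots and checks the SPF and DMARC TXT records in one of them. The snapshot layout, function names, sample records and severity labels are assumptions constructed for illustration.

```python
import re

# Constructed snapshots: (name, type) -> set of record values. Not real data.
BEFORE = {
    ("example.test", "TXT"): {"v=spf1 include:_spf.mail.example.test -all"},
    ("_dmarc.example.test", "TXT"): {"v=DMARC1; p=reject; rua=mailto:rua@example.test"},
    ("example.test", "CAA"): {'0 issue "ca.example.test"'},
}
AFTER = {
    ("example.test", "TXT"): {"v=spf1 include:a.test include:b.test a mx ptr ?all"},
    ("_dmarc.example.test", "TXT"): {"v=DMARC1; p=none"},
    ("example.test", "MX"): {"10 mx.vendor.test."},
}
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)([:/]|$)|^redirect=")

def diff_snapshots(old, new):
    """Label every record set that differs as added, removed or changed."""
    out = []
    for key in sorted(old.keys() | new.keys()):
        if old.get(key) != new.get(key):
            kind = "added" if key not in old else "removed" if key not in new else "changed"
            out.append((kind, key))
    return out

def posture_findings(snap, domain):
    """Return (severity, message) pairs; the severity scale is an assumption."""
    found = []
    spf = [v for v in snap.get((domain, "TXT"), ()) if v.lower().startswith("v=spf1")]
    if len(spf) != 1:
        found.append(("high", "SPF: need exactly one v=spf1 record"))
    else:
        terms = spf[0].lower().split()[1:]
        # RFC 7208 caps DNS-querying terms at 10 per evaluation. This counts the
        # top-level record only; nested includes add to the total once resolved.
        lookups = sum(1 for t in terms if LOOKUP_TERM.match(t))
        if lookups > 10:
            found.append(("high", f"SPF: {lookups} lookup terms exceed the limit of 10"))
        if not any(t in ("-all", "~all") or t.startswith("redirect=") for t in terms):
            found.append(("medium", "SPF: record does not end in -all or ~all"))
    dmarc = [v for v in snap.get(("_dmarc." + domain, "TXT"), ()) if v.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        found.append(("high", "DMARC: need exactly one v=DMARC1 record"))
    else:
        tags = dict(p.strip().split("=", 1) for p in dmarc[0].split(";") if "=" in p)
        if tags.get("p", "").strip().lower() == "none":
            found.append(("medium", "DMARC: p=none is monitoring only"))
        if "rua" not in tags:
            found.append(("low", "DMARC: no rua destination for aggregate reports"))
    return found
```

Running `diff_snapshots(BEFORE, AFTER)` flags the removed CAA record and the new MX record alongside the two changed TXT records, and `posture_findings(AFTER, "example.test")` reports the weakened SPF terminator and the downgrade to `p=none`.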

Signals and evidence

DNS TXT, MX, CAA and related record snapshots
SPF policy strength and lookup risk
DKIM selector and key evidence
DMARC policy, alignment and reporting destinations
MTA-STS and TLS-RPT configuration

Common use cases

Improve anti-spoofing posture

Move domains from missing or weak DMARC policies toward enforceable controls with visibility into gaps.

Catch risky DNS changes

Detect when a critical DNS record changes unexpectedly after a deployment, registrar update or vendor migration.

Review email authentication at scale

Give security and platform teams one view of SPF, DKIM and DMARC status across monitored domains.

Frequently asked questions

Why does this module require domain verification?

Verification proves ownership before deeper DNS and email evaluations run, which keeps the checks aligned with authorized assets.

Does LuminaKite send email from my domains?

No. The module evaluates public DNS and optional DMARC reports. It does not send mail on behalf of the domain.

Can it show DNS changes over time?

Yes. DNS snapshots and diffs are part of the module, making it easier to investigate when a record changed.

Is DMARC report ingest available on every plan?

DMARC RUA ingest is designed for Business plans because it adds ongoing reporting volume and workflow requirements.
