Domain Security Guides
Step-by-step instructions for fixing the most common findings from a MyDomainRisk scan. Each guide includes exact DNS record values, platform-specific instructions, and how to verify the fix worked.
How to Fix a Weak DMARC Policy
Move from p=none or p=quarantine to p=reject safely without breaking email delivery.
How to Fix Your SPF Record
Fix a missing, too-permissive, or misconfigured SPF record with exact DNS record values.
How to Add CAA Records
Restrict which certificate authorities can issue TLS certificates for your domain.
How to Enable DNSSEC
Cryptographically sign DNS responses to prevent cache poisoning and traffic hijacking.
How to Add HSTS to Your Website
Force browsers to always use HTTPS with the Strict-Transport-Security header.
How to Fix Your Content Security Policy
Fix a missing CSP or one that contains unsafe-inline — with report-only mode, nonces, and platform-specific deployment.
How to Add Missing Security Headers
Add X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-Frame-Options, and COOP.
How to Create a security.txt File
Publish a security.txt file so researchers can responsibly report vulnerabilities.
How to Set Up DKIM
Add cryptographic email signing for Microsoft 365, Google Workspace, and other platforms.
How to Configure MTA-STS
Enforce TLS encryption for inbound email with a policy file and DNS record.
What Is Subdomain Takeover?
How dangling CNAMEs let attackers host content under your domain — and how to prevent it.