Enter a firm URL, domain, or email address to generate a compliance report.
Free scans refresh every six months. Next free refresh on January 3, 2027. Unlock for immediate access.
Free scan refresh locked
Free scans for this domain refresh every six months. Showing results from July 8, 2026. Next free refresh on January 3, 2027.
Unlock the full report ($99) for immediate re-scan access, detailed threat analysis, and remediation steps.
Domain Security Audit: moody.edu
64%
Overall Compliance Rating
Executive Summary
High Risk
moody.edu has gaps that may weaken documentation of reasonable cybersecurity safeguards under SB 2610 & federal cybersecurity frameworks and confidentiality-focused duties such as the FTC Safeguards Rule. Prioritize the remediation plan below before relying on this configuration as a defensible posture.
β 1 breach notice on file for this domain β most recent 2026-06-16
Sourced from public state AG breach-notification portals and breach aggregators β not necessarily the domain audited here if it changed hands. Verify against the source before citing.
75
Identity & Spoofing
15
Transport Security
100
Email Infrastructure Microsoft 365 / Exchange
45
Website Security
Stack signal: cloudflare β unlock for full sender inventory & header analysis
50
Local Endpoint
π Audit Scoring Methodology
This tool uses a weighted algorithm focused on the FTC Safeguards Rule and SB 2610 & federal cybersecurity frameworks:
Identity & Spoofing (40%): Grades SPF terminal mechanism (-all vs exploitable ~all) and DMARC enforcement including explicit sp=reject subdomain policy.
Transport Security (5%): Requires MTA-STS mode=enforce (not testing/none), plus TLS-RPT and DNSSEC signals.
Website Security (30%): Penalizes missing encryption and clickjacking headers (HSTS, CSP, XFO) and related website transport signals.
Local Endpoint & Network (20%): Evaluates operating system lifecycle support and active IP masking/VPN usage.
Email Infrastructure (5%): Checks for enterprise-grade routing vs. consumer/shared hosts.
π Sample from the full report β DMARC is not fully enforced β a primary BEC and wire-fraud vector
Without strict DMARC (p=reject) and SPF (-all), attackers can email clients as your office:
Toyota Boshoku (2019): Executive impersonation led to $37 million in fraudulent transfers.
Scoular Company (2014): CFO spoofing caused $17.2 million in wire losses.
Office scenario: A spoofed closing@moody.edu or wire@moody.edu email changes payoff wiring instructions hours before a closing.
Unlock the full report for every control β MTA-STS, TLS-RPT, DNSSEC, HSTS, CSP, clickjacking, CAA, security.txt, and endpoint risk β each with named incidents and remediation steps.
π Credential hygiene checklist β unlock in full report
The paid report adds a step-by-step playbook: Have I Been Pwned check (when you audit by email),
MFA rollout, password-manager guidance (we suggest Proton Pass), and Microsoft 365 / Google Workspace
compromised-credential settings β plus our breach-monitoring guide if exposure is found.
π
Detailed Threat Analysis Locked
Your infrastructure reveals specific vulnerabilities regarding the FTC Safeguards Rule. Unlock the full report to access actionable remediation steps, granular DNS data, and the tools below.
What's included in the full report ($99)
Everything below unlocks immediately after checkoutβno separate subscriptions.
π
Executive summary & risk profileFull score breakdown, risk label, and compliance-focused summary for office leadership.
π‘οΈ
Granular DNS & email security analysisDMARC tag detail (rua/adkim/aspf), SPF authorized-sender inventory, DKIM delegation probes, BIMI, MTA-STS enforce status with MX cross-check, DNSSEC, TLS-RPT destinations, and structured CAA analysis β each with real-world incident examples.
π
Website & session security reviewHSTS, CSP, X-Frame-Options, extended security headers, server stack signals, CMS/AMP fingerprint (paid), security.txt (RFC 9116), and lightweight performance/resilience signals with PageSpeed guidance.
β
Top priority remediation planRanked fixes with severity, business impact, and implementation effort for your IT team or vendor.
βοΈ
SB 2610 / Wire-Fraud Relevance MapTechnical readiness mapping tied to applicable sector frameworksβsupporting evidence, not legal advice.
π§
Raw technical evidenceFull DNS records, website header gaps, and probe details ready to paste into tickets or provider consoles.
π€
AI compliance research linksOne-click Perplexity and Google searches pre-filled with your audit findings for the FTC Safeguards Rule.
π
Credential breach & hygiene checklistHIBP one-click check when you audit by email, plus plain-language steps: rotate reused passwords, enable MFA, adopt a password manager (we suggest Proton Pass), enable compromised-credential detection in Microsoft 365 or Google Workspace, and link to our breach-monitoring guide if exposure is found.
π
Typosquatting & lookalike domain checkOne-click Have I Been Squatted lookup for your audited domain β find phishing and impersonation domains that could spoof your brand in BEC and wire-fraud attacks.
π§
Mail Authentication VerifierPaste raw email headers and cross-check SPF, DKIM, and DMARC results against live DNS (DMARC, SPF, DKIM selectors, MTA-STS, TLS-RPT, BIMI) for your audited domain.
π¨
Favicon & Brand Icon Suite (90-day access)Protected link to favicon.emailmenow.com β generate favicon.ico, SVG, Apple touch icon, PWA PNGs, and site.webmanifest for browser tabs, mobile home screens, and inbox branding.
π
Three SB 2610 compliance PDF guidesDelivered by email: general cybersecurity guide, Safe Harbor overview, and tiered requirements detailed guide.
π
Print-ready report & fulfillment emailBrowser access via secure checkout link, plus a branded email with your full report and included resources.
π‘οΈ
Privacy-Focused Processing: Free scan summaries for a domain are cached for up to six months so we can limit automated re-scans. Paid unlocks, nonprofit fulfillment, and admin requests bypass that window. Payment, email delivery, security logs, and request metadata may be processed by Stripe, Resend, and Cloudflare infrastructure.
Related Cybersecurity News β Title & Real Estate Office