Enter a firm URL, domain, or email address to generate a compliance report.
Free scans refresh every six months. Next free refresh on January 11, 2027. Unlock for immediate access.
Free scan refresh locked
Free scans for this domain refresh every six months. Showing results from July 15, 2026. Next free refresh on January 11, 2027.
Unlock the full report ($99) for immediate re-scan access, detailed threat analysis, and remediation steps.
Domain Security Audit: texasattorneygeneral.gov
37%
Overall Compliance Rating
Executive Summary
Critical Risk
texasattorneygeneral.gov has gaps that may weaken documentation of reasonable cybersecurity safeguards under SB 2610 & federal cybersecurity frameworks and confidentiality-focused duties such as CISA SLTT cybersecurity guidance. Prioritize the remediation plan below before relying on this configuration as a defensible posture.
Stack signal: cloudflare β unlock for full sender inventory & header analysis
50
Local Endpoint
Additional scan signals (summary)
Website soft-header score adjustment applied (β5). Unlock for named header rows and Low remediations.
DNS host signal: External DNS. Unlock for full nameserver list and DNSSEC guidance.
Client discovery: Microsoft Lync legacy target (informational). Unlock for full note.
IPv6 / dual-stack: IPv4-only (no AAAA observed for website or mail hosts) (informational β not scored). Unlock for MX address-family detail.
π Audit Scoring Methodology
This tool uses a weighted algorithm focused on CISA SLTT cybersecurity guidance and SB 2610 & federal cybersecurity frameworks:
Identity & Spoofing (40%): Grades SPF terminal mechanism (-all vs exploitable ~all) and DMARC enforcement including explicit sp=reject subdomain policy and np=reject for non-existent subdomains.
Transport Security (5%): Requires MTA-STS mode=enforce (not testing/none), plus TLS-RPT and DNSSEC signals. DNS host, IPv6 dual-stack, and BIMI are shown for guidance and are not primary score drivers.
Website Security (30%): Penalizes missing encryption and clickjacking headers (HSTS, CSP, XFO), plus soft deductions for X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.
Local Endpoint & Network (20%): Evaluates operating system lifecycle support and active IP masking/VPN usage.
Email Infrastructure (5%): Checks for enterprise-grade routing vs. consumer/shared hosts; small ding only for definitive dangling lyncdiscover (Microsoft Lync legacy targets are Info only).
π Sample from the full report β DMARC is not fully enforced β a primary BEC and wire-fraud vector
Without strict DMARC (p=reject) and SPF (-all), attackers can email residents as your agency:
Toyota Boshoku (2019): Executive impersonation led to $37 million in fraudulent transfers.
Scoular Company (2014): CFO spoofing caused $17.2 million in wire losses.
Agency scenario: A fake finance@texasattorneygeneral.gov vendor-invoice email reroutes a municipal payment to a criminal account.
Unlock the full report for every control β MTA-STS, TLS-RPT, DNSSEC, HSTS, CSP, clickjacking, CAA, security.txt, and endpoint risk β each with named incidents and remediation steps.
π Credential hygiene checklist β unlock in full report
The paid report adds a step-by-step playbook: Have I Been Pwned check (when you audit by email),
MFA rollout, password-manager guidance (we suggest Proton Pass), and Microsoft 365 / Google Workspace
compromised-credential settings β plus our breach-monitoring guide if exposure is found.
π
Detailed Threat Analysis Locked
Your infrastructure reveals specific vulnerabilities regarding CISA SLTT cybersecurity guidance. Unlock the full report to access actionable remediation steps, granular DNS data, and the tools below.
What's included in the full report ($99)
Everything below unlocks immediately after checkoutβno separate subscriptions.
π
Executive summary & risk profileFull score breakdown, risk label, and compliance-focused summary for agency leadership.
π‘οΈ
Granular DNS & email security analysisDMARC tag detail (rua/adkim/aspf), SPF authorized-sender inventory, DKIM delegation probes, BIMI, MTA-STS enforce status with MX cross-check, DNSSEC, TLS-RPT destinations, structured CAA analysis, DNS host/nameserver identity, limited lyncdiscover dangling checks, and IPv6 dual-stack readiness β each with real-world context where applicable.
π
Website & session security reviewHSTS, CSP, X-Frame-Options, scored soft checks for X-Content-Type-Options / Referrer-Policy / Permissions-Policy, extended header grid, server stack signals, CMS/AMP fingerprint (paid), security.txt (RFC 9116), and lightweight performance/resilience signals with PageSpeed guidance.
β
Top priority remediation planRanked fixes with severity, business impact, and implementation effort for your IT team or vendor.
βοΈ
Public Sector Compliance Relevance MapTechnical readiness mapping tied to applicable sector frameworksβsupporting evidence, not legal advice.
π§
Raw technical evidenceFull DNS records, website header gaps, and probe details ready to paste into tickets or provider consoles.
π€
AI compliance research linksOne-click Perplexity and Google searches pre-filled with your audit findings for CISA SLTT cybersecurity guidance.
π
Credential breach & hygiene checklistHIBP one-click check when you audit by email, plus plain-language steps: rotate reused passwords, enable MFA, adopt a password manager (we suggest Proton Pass), enable compromised-credential detection in Microsoft 365 or Google Workspace, and link to our breach-monitoring guide if exposure is found.
π
Typosquatting & lookalike domain checkOne-click Have I Been Squatted lookup for your audited domain β find phishing and impersonation domains that could spoof your brand in BEC and wire-fraud attacks.
π§
Mail Authentication VerifierPaste raw email headers and cross-check SPF, DKIM, and DMARC results against live DNS (DMARC, SPF, DKIM selectors, MTA-STS, TLS-RPT, BIMI) for your audited domain.
π¨
Favicon & Brand Icon Suite (90-day access)Protected link to favicon.emailmenow.com β generate favicon.ico, SVG, Apple touch icon, PWA PNGs, and site.webmanifest for browser tabs, mobile home screens, and inbox branding.
π
Three SB 2610 compliance PDF guidesDelivered by email: general cybersecurity guide, Safe Harbor overview, and tiered requirements detailed guide.
π
Print-ready report & fulfillment emailBrowser access via secure checkout link, plus a branded email with your full report and included resources.
π‘οΈ
Privacy-Focused Processing: Free scan summaries for a domain are cached for up to six months so we can limit automated re-scans. Paid unlocks, nonprofit fulfillment, and admin requests bypass that window. Payment, email delivery, security logs, and request metadata may be processed by Stripe, Resend, and Cloudflare infrastructure.
Related Cybersecurity News β Local Government & School District