Release notes

Feature Update – DKIM Detection Improvements

Improved

• (DNS Checker) Expanded DKIM selector detection by adding checks for ProtonMail selectors (protonmail._domainkey, protonmail2._domainkey, protonmail3._domainkey)

The DNS checker can now more reliably detect ProtonMail DKIM configurations during subdomain discovery.

Feature Update – Statistics Dashboard & System Improvements

New

• (Statistics) Added DNS statistics dashboard analyzing historical DNS snapshots
• (Statistics) Email security adoption metrics showing SPF, DKIM and DMARC usage rates across analyzed domains
• (Statistics) DNS provider distribution analytics identifying commonly used DNS infrastructure
• (Statistics) Top DNS provider rankings based on authoritative name server detection
• (Statistics) SPF include statistics highlighting the most common third-party SPF services
• (Statistics) MX host statistics identifying common email infrastructure providers
• (Statistics) SPF policy distribution analysis showing usage of -all, ~all, ?all and +all policies
• (Statistics) Average DNS record metrics calculating typical A, MX, TXT, CNAME and NS record counts per domain
• (Statistics) Interactive provider distribution chart using Chart.js
• (Navigation) Added unified navigation bar linking DNS Checker, Statistics and Release Notes pages
• (Navigation) Release notes moved to a dedicated standalone page

Improved

• (Statistics) Improved DNS provider statistics accuracy by analyzing authoritative NS records only
• (Statistics) Statistics engine modularized with dedicated analysis functions
• (Statistics) Provider statistics limited to Top 10 entries for improved dashboard readability
• (Statistics) Dashboard layout redesigned using responsive Bootstrap analytics cards
• (Statistics) Added safeguards preventing charts from rendering when insufficient data exists
• (Navigation) Navigation links now dynamically resolve the application base path
• (DNS Checker) Infrastructure detection logic updated to improve provider identification accuracy

Fix

• (DNS Checker) Corrected DNS provider misclassification caused by mixed infrastructure detection signals
• (Navigation) Fixed broken navigation paths when accessing tools from nested UI pages

The DNS checker now provides both detailed per-domain analysis and aggregated DNS ecosystem insights across all scanned domains.

Feature Update – Email Security & DNS Analysis Improvements

New

• Added email security scoring system combining SPF, DKIM and DMARC analysis
• Score explanations now highlight detected configuration issues
• External DMARC reporting authorization checks
• DMARC enforcement diagnostics detecting when DMARC cannot succeed without SPF or DKIM
• Detection of configurations where DMARC relies only on SPF or only on DKIM
• Security check for weaker DMARC subdomain policies (sp tag)
• Detection of DMARC records incorrectly published outside the _dmarc subdomain
• Tabbed Email Security interface separating SPF, DKIM and DMARC diagnostics for improved usability
• Email security score panel now aggregates SPF, DKIM and DMARC warnings for faster risk assessment
• SPF dependency tree visualization showing recursive include and redirect relationships
• Collapsible SPF dependency tree in the Email Security → SPF tab for improved troubleshooting

Improved

• Improved DMARC detection with support for CNAME-based DMARC records
• Expanded DMARC analysis with alignment, reporting, and enforcement details
• Detects partial DMARC enforcement using pct values
• Warns when DMARC reporting addresses are missing
• Validates required DMARC policy tag (p=)
• Full DMARC tag validation including pct, sp, adkim, aspf, fo, rf and ri
• DMARC reporting URI validation for rua and ruf mailto schemes
• Improved DMARC diagnostics to identify configurations where email authentication cannot pass
• Improved SPF validation with RFC-compliant TXT record parsing and multi-string record handling
• Expanded SPF syntax validation including CIDR verification and duplicate mechanism detection
• SPF include and redirect validation ensuring referenced domains publish valid SPF records
• Detection of conflicting SPF configurations such as redirect used together with all mechanisms
• Improved SPF lookup analysis with accurate recursive DNS lookup counting
• Added recursive SPF include and redirect evaluation for more accurate DNS lookup analysis
• SPF recursion caching to improve performance when analyzing large include chains
• Improved SPF mechanism validation including exists and redirect domain validation
• SPF macro detection and improved mechanism validation
• More accurate DKIM selector and key validation
• Improved DKIM validation with detection of revoked and malformed keys

Fix

• Prevents duplicate DMARC records appearing in TXT output
• Detects invalid configurations with multiple DMARC records
• Improved TXT record normalization
• Reduced duplicate records during DNS analysis
• Improved DNS parsing reliability for complex TXT records
• Prevents duplicate DMARC warnings during analysis
• Fixed SPF TXT parsing issues with multi-segment DNS TXT records
• Corrected SPF lookup counting in complex SPF configurations
• Implemented RFC 7208 compliant void lookup limit detection for SPF analysis

Results are now more consistent and easier to interpret.

Feature Update – DNSSEC & Performance Improvements

• Added DNSSEC detection with detailed DS record information
• Integrated secure DNS-over-HTTPS (DoH) lookups
• Smart caching for faster repeated queries
• Clear indicator showing whether DNSSEC results are live or cached
• Automatic cleanup of expired cache data

Improved accuracy, better performance, and clearer visibility into domain security.

DNS validation improvements

The DNS checker now verifies that a domain exists before running a full scan.

• Detects when a domain does not exist (NXDOMAIN)
• Improved handling of DNS failures and timeouts

Prevents empty scan results for invalid domains

Stability update

• Added basic rate limiting to protect performance
• Improved WHOIS timeout handling for better reliability

Backend improvements for a more stable and responsive experience.

Major UI & Intelligence upgrade

DNS checker just got smarter and cleaner.

New: Domain Intelligence panel

All analysis features are now structured inside a unified Domain Intelligence section:

• Overview tab – Instant security and registration summary
• Email Security tab – Detailed SPF, DKIM & DMARC analysis
• Providers tab – Multi-signal hosting & infrastructure detection
• Registration tab – Domain ownership and lifecycle data (.dk supported)

Cleaner layout. Better structure. Less scrolling.

New: Domain Registration (First WHOIS Integration)

• Registration date
• Expiration date
• Domain status
• Registrar information (if available)

Integrated directly into the Intelligence panel.

Improved Email Security Clarity

• Valid SPF & DMARC records show in green
• Non-enforcing policies (e.g. DMARC p=none) show in orange
• Missing or invalid records show in red

No more confusing red valid records.

Enhanced DNS History

• Collapsible snapshot timeline
• Record counts per snapshot
• Structured record rendering (no raw JSON)
• Copy-to-clipboard support inside history
• Automatic diff detection between snapshots

History is now readable and actionable.

Feature update - DNS history

• Based only on lookups using this tool (save states for the last 10 lookups)
• Built directly into the DNS view using the "History" tab

Visual updates and copy to clipboard functionality is coming to the History tab.

New features

• Added dynamic provider loader (loadProviders())
• Added dynamic subdomains loader (loadSubdomains())
• Moved provider fingerprints to versioned config files
• Moved subdomains to versioned config files
• Merged legacy Unoeuro signals into Simply.com detection
• Merged all 4/2 release notes into one