Sudory Academy
Understand every check
Plain-English explanations of the DNS, email, and HTTP settings Sudory scans for. What each one does, why it matters, and how Sudory decides pass, warn, or fail.
The stack that delivers authenticated, encrypted mail to your domain. Ordered from foundation (tier 0, MX) up to trust signals (tier 5, BIMI).
MX record →
The zero point: where mail for your domain is delivered. (Tier 0)
SPF →
Lists which servers are allowed to send email as your domain. (Tier 1)
DKIM →
Cryptographically signs your mail so receivers can prove it's authentic. (Tier 1)
DMARC →
Tells receivers what to do when SPF or DKIM fails: monitor, quarantine, or reject. (Tier 2)
MTA-STS →
Forces TLS on inbound SMTP connections. Prevents downgrade attacks on email in transit. (Tier 3)
BIMI →
Puts your verified logo next to authenticated email in Gmail, Yahoo, and Apple Mail. (Tier 5)
DNS trust
The DNS-layer building blocks, ordered from mere existence (A, AAAA) up to cryptographic binding of TLS certificates via DANE.
A record →
IPv4 address your domain resolves to. (Tier 0)
AAAA record →
IPv6 address support and provider detection. (Tier 0)
NS record →
Which DNS provider serves your zone. (Tier 1)
CAA record →
Restricts which certificate authorities may issue certs for your domain. (Tier 2)
DNSSEC →
Signs DNS responses so attackers can't poison resolvers. (Tier 3)
DANE / TLSA →
Pins TLS certificates through DNS for stronger trust. (Tier 4)
Web security
Browser-level defenses for an HTTPS site, ordered from HTTPS at all (tier 0) up to session hardening (tier 5).
HTTPS redirect →
Forcing browsers off plaintext HTTP. (Tier 0)
TLS certificate →
Validity, issuer, expiry, and chain. (Tier 1)
TLS version →
Which protocol your server negotiates. (Tier 1)
HSTS →
Tells browsers to always use HTTPS. (Tier 2)
Content Security Policy →
Restricts what scripts and resources can load. (Tier 3)
X-Frame-Options →
Prevents clickjacking via iframes. (Tier 3)
X-Content-Type-Options →
Stops MIME sniffing attacks. (Tier 3)
Referrer-Policy →
Controls what URL data leaks to linked sites. (Tier 4)
Permissions-Policy →
Which browser features your site can use. (Tier 4)
Cookie flags →
The three flags every cookie needs: Secure, HttpOnly, and SameSite. (Tier 5)
See what your domain looks like
Every article links back to the scanner. Run a scan, compare your results against the academy, and see exactly where you stand.