Datazag

Sample Report

See what a free domain report can show.

This sample illustrates the kind of external security and infrastructure findings Datazag can return from a work email domain: DNS posture, mail controls, subdomain discovery, platform footprint, impersonation exposure and practical remediation steps.

Get my free reportBack to reports
Sample ReportOutput
Signal
Context
Correlation
Confidence
Action

No asset list

The starting point is a work email domain. Datazag maps what is externally visible from public infrastructure.

Subdomain discovery

The report can surface visible subdomains, derive platform usage and flag issues such as hanging CNAMEs.

External threat

Detected platform usage can be compared with external impersonation infrastructure targeting those same platforms.

Actionable output

Findings are written with evidence, remediation steps and upgrade paths into monitoring or evidence-led response.

Sample only

A report should make external exposure understandable without a scoping call.

Most organisations have a visible external footprint they do not fully track: email controls, DNS records, subdomains, SaaS and cloud dependencies, hosting relationships, platform usage and infrastructure that may already be impersonating the brands or platforms they rely on.

The free Datazag report is designed to give a practical first view of that footprint. It should be clear enough for a business owner or executive to understand, but specific enough for a technical team to act on.

This sample is illustrative. Live report contents depend on the domain, what is visible externally, which records are present, which subdomains are discovered, and which threat signals are active at the time the report is generated.

  1. 01

    Discover

    Use the submitted work email to identify the organisation domain, visible subdomains and externally observable infrastructure.

  2. 02

    Assess

    Check DNS, mail authentication, CNAMEs, hosting, platform footprint, certificates and obvious posture gaps.

  3. 03

    Correlate

    Compare detected platforms, subdomain patterns and naming signals with impersonation and infrastructure intelligence.

  4. 04

    Explain

    Return findings, evidence, severity, remediation steps and options for monitoring or deeper analysis.

Report sections

The report is structured around what the recipient can understand and act on.

The free version should show enough useful value to justify the exchange, while leaving clear paths into paid monitoring, portfolio reporting, alerts, API enrichment or data-share access.

Posture

DNS, email and external hygiene.

Footprint

subdomains, platforms and providers.

Threat

external impersonation and remediation context.

Security hygiene

DNS and email posture

This section should be practical. The goal is to show whether the domain has the basic records and policies that reduce spoofing and improve trust with mail providers and recipients.

Coverage

SPF, DKIM, DMARC, MX, NS, registrar, TLS/certificate context and visible DNS configuration.

Primary action

Highlight gaps that affect spoofing, deliverability, domain trust and basic internet-facing security hygiene.

  • DMARC policy and alignment indicators
  • SPF and DKIM presence where visible
  • MX and nameserver provider context
  • Plain-language remediation priority

Hidden external surface

Subdomain discovery

Subdomains often expose the real operating footprint: customer portals, login flows, marketing tools, helpdesk systems, storage buckets, CDNs and test environments. They can also reveal hanging CNAMEs where a DNS record points to a service that is no longer properly claimed.

Coverage

Visible subdomains, CNAME targets, service aliases, platform-derived records, abandoned-looking hostnames and potential dangling or hanging CNAME issues.

Primary action

Surface subdomains that reveal platform usage, forgotten services, shadow infrastructure, takeover risk or configuration drift.

  • Discovered hostnames and service aliases
  • CNAME target and provider attribution
  • Potential dangling or hanging CNAME indicators
  • Subdomain-derived platform and vendor footprint

What the domain appears to use

Platform and vendor footprint

Attackers often impersonate the platforms an organisation actually uses. Mapping that footprint makes the report more relevant than generic brand monitoring.

Coverage

Mail providers, SaaS, cloud, CDN, hosting, collaboration tools, support platforms and other vendor/provider signals inferred from DNS, subdomains and public infrastructure.

Primary action

Show which platforms may expose the organisation to impersonation, supplier dependency or customer-trust risk.

  • Detected mail and SaaS providers
  • Cloud/CDN/hosting context where visible
  • Platform categories relevant to impersonation
  • Signals suitable for follow-up monitoring

Impersonation around what you use

External platform threat

This is a core Datazag distinction. A customer may not see a fake version of their own brand, but attackers may still exploit trust by impersonating the login, payment, support, storage or collaboration platforms their staff and customers already recognise.

Coverage

Platform impersonation targeting detected vendors such as Microsoft, Google, Apple, PayPal, Stripe, Shopify, Slack, Zendesk, HubSpot or other platforms visible in the domain footprint.

Primary action

Show whether external infrastructure is being created to impersonate platforms the organisation actually depends on, even when the organisation's own brand is not directly copied.

  • Detected platform dependency mapped from the domain footprint
  • External platform impersonation patterns observed in Datazag intelligence
  • Hosting, ASN, certificate and naming context for suspicious infrastructure
  • Recommended response: monitor, block, investigate or expand to alerts

Action plan

Remediation and next steps

A good report should not only diagnose. It should make the next action obvious, whether that is tightening DMARC, removing stale CNAMEs, reviewing a provider dependency, monitoring a platform or asking for a deeper portfolio view.

Coverage

Priority fixes, suggested checks, subdomain cleanup, hanging-CNAME remediation, monitoring options, evidence-pack escalation, portfolio reporting and alerting upgrade paths.

Primary action

Give the recipient a small number of next steps that can be acted on by IT, security, leadership or a partner provider.

  • Prioritised recommendations
  • Business-readable summary
  • Technical remediation notes
  • Upgrade path to monitoring or evidence-led response
The sample is intentionally generic. Live findings should be generated from the submitted domain and current Datazag intelligence, not from static claims.

How it works

What the sample report covers.

  1. 01

    Discover

    Use the submitted work email to identify the organisation domain, visible subdomains and externally observable infrastructure.

  2. 02

    Assess

    Check DNS, mail authentication, CNAMEs, hosting, platform footprint, certificates and obvious posture gaps.

  3. 03

    Correlate

    Compare detected platforms, subdomain patterns and naming signals with impersonation and infrastructure intelligence.

  4. 04

    Explain

    Return findings, evidence, severity, remediation steps and options for monitoring or deeper analysis.

Decision-ready output

Signals become evidence, evidence becomes confidence, confidence becomes action.

The purpose is not to show more data. The purpose is to reduce uncertainty at the point where a team, customer or system has to make a decision.

Example finding

Email authentication gap.

This is an example of a useful free-report finding: specific enough for a technical team to validate, but written clearly enough for a non-specialist recipient to understand the risk.

Why this matters

The alert is designed to show the domain, the matched entity, the infrastructure context, the confidence and the evidence trail in a form that can flow straight into operational channels.

REPORT | HIGH

DMARC Policy Not Enforcing

RED

example-business.co.uk

Finding

DMARC record present but policy is not enforcing

Observed policy

p=none

Why it matters

Attackers may have an easier path to spoofing the domain if other controls are weak or misaligned

Recipient impact

Customers and staff may find it harder to distinguish legitimate mail from impersonation

Suggested next step

Review SPF/DKIM alignment, monitor failures, then move gradually towards quarantine or reject

Owner

IT, security, MSP or email administrator

Evidence

DNS TXT record and mail-authentication posture

Upgrade path

Monitor spoofing, platform impersonation and suspicious infrastructure around detected vendors

Reason codes

  • The finding is based on externally visible DNS records
  • The risk is explainable without requiring internal telemetry
  • The remediation path can be staged rather than disruptive
  • The same domain can be monitored for related impersonation activity

Sample finding — live report values depend on the submitted domain

Example subdomain issue

Subdomain discovery can reveal platform and takeover risk.

Subdomains are one of the most useful parts of the free report because they expose real platform usage and stale integrations that are easy to miss in an internal asset list.

Why this matters

The alert is designed to show the domain, the matched entity, the infrastructure context, the confidence and the evidence trail in a form that can flow straight into operational channels.

REPORT | SUBDOMAIN

Potential Hanging CNAME Review

RED

help.example-business.co.uk → example-business.zendesk.com

Subdomain

help.example-business.co.uk

Record type

CNAME

Target

example-business.zendesk.com

Derived platform

Zendesk / helpdesk platform

Issue type

Potential stale service alias or hanging CNAME requiring ownership verification

Why it matters

Unclaimed or misconfigured service aliases can expose a customer-facing subdomain to takeover or confusion

Suggested check

Confirm the service is active, claimed by the organisation and still required

Monitoring option

Track new subdomains, CNAME targets, provider changes and suspicious platform lookalikes

Reason codes

  • Subdomains often reveal platforms that are not visible from the apex domain alone
  • CNAME targets help derive vendor and platform footprint
  • Hanging CNAMEs can indicate stale external dependencies
  • Subdomain-derived platforms improve impersonation monitoring relevance

Sample subdomain issue — live report values depend on discovered records and verification logic

Example external threat

Platform impersonation targeting what the organisation uses.

The report should show not only internal posture, but the external threat around detected platforms. This is different from saying the customer's own brand has been copied.

Why this matters

The alert is designed to show the domain, the matched entity, the infrastructure context, the confidence and the evidence trail in a form that can flow straight into operational channels.

REPORT | EXTERNAL THREAT

Platform Impersonation Exposure

RED

Detected platform: Microsoft 365 · external suspicious infrastructure observed

Detected dependency

Microsoft 365 indicators found in mail and DNS footprint

External pattern

Newly observed domains using Microsoft login, account, verify or secure naming patterns

Customer relevance

Staff and customers may trust Microsoft-branded login or file-sharing prompts

Not a takedown claim

This is platform impersonation context, not necessarily direct brand impersonation of the customer

Recommended action

Monitor and block high-confidence platform impersonation infrastructure where appropriate

Evidence available in paid alerts

Domain, DNS, certificate, hosting, ASN, confidence, reason codes and de-escalation link

Business summary

Threat actors may target the platforms your organisation relies on, not only your own brand

Upgrade path

Threat alerts for platform, brand and keyword-led suspicious infrastructure

Reason codes

  • Platform impersonation can create risk even without direct customer-brand copying
  • Detected vendor footprint makes external threat context more relevant
  • Blocking and monitoring are usually more appropriate than takedown for third-party platform impersonation
  • Expanded alerts can separate platform, brand and keyword-led suspicious infrastructure

Sample external threat — live values depend on detected platforms and current impersonation intelligence

Packaging

What the real report can lead to.

One-off free report

A practical external snapshot of one domain's posture, subdomains, footprint and exposure.

Domain health report

A deeper technical report covering DNS, email, subdomain, provider and remediation context.

Threat alerts

Ongoing monitoring for platform, brand and keyword-led suspicious infrastructure.

Evidence packs

Screenshots, abuse contacts and lifecycle context for brand impersonation or takedown workflows.

Portfolio reporting

Repeatable reports across customers, subsidiaries, suppliers, brands or acquired assets.

API and data shares

Infrastructure intelligence delivered into customer systems, warehouses or partner services.

Next step

Ready to see your own domain?

Use a work email to generate a free report on the domain behind it. The sample shows the structure; the live report uses current Datazag intelligence for your own domain.

Get my free report