Make the list
Write down every system that sends on your behalf: marketing, billing, help desk, HR, surveys, product alerts, and internal tools.
Compare with DNS
Check whether each active sender has the expected authentication records and whether old services still appear.
Review reports
DMARC reports can reveal senders your team forgot about or never knew existed.
Practical context
How to use this guidance
A domain audit connects business reality to DNS reality. The important question is whether every sender in DNS still has a legitimate business reason to send.
A practical example
Imagine a team reviewing how to audit your domain after a new software vendor starts sending customer-facing mail. The immediate question is not whether the setup uses the right acronym; it is whether the business can explain the sender, prove that it is authorized, and spot problems before customers or employees lose trust.
That review usually starts with make the list. From there, the team should compare the intended workflow with real message samples, provider settings, and any reporting data that shows how receivers are treating the mail. This turns the topic from an abstract security idea into a manageable operating task.
Action checklist
- Collect domains from DNS, registrar accounts, marketing tools, and product systems.
- Compare known senders with report data and sample messages.
- Label each sender as active, retired, unknown, or suspicious.
- Turn unknowns into tickets with owners and deadlines.
Common traps
- Relying only on memory to identify senders.
- Ignoring low-volume sources that send critical mail.
- Deleting records before confirming migration status.
Questions to ask internally
- Which teams can name their current sending tools?
- What did reports reveal that the inventory missed?
- Which domains should explicitly send no mail?
Evidence to gather
Good decisions are easier when the team works from evidence instead of memory. For this topic, collect enough detail to connect technical records with the business process they support.
- A recent sample message from each important sending path.
- The DNS records or provider settings connected to the sender.
- The business owner who can confirm whether the sender is still needed.
- Any recent support tickets, delivery problems, or suspicious-message reports.
- The decision log for changes made after the review.
Review rhythm
Review this area whenever a new email platform is launched, a domain or subdomain is added, a vendor is retired, or a suspicious message is reported. For stable environments, a quarterly review is usually enough to catch drift before it becomes an urgent delivery or impersonation problem.
Keep the review lightweight. The useful output is a short list of confirmed senders, open questions, owner names, and next actions. If that list is understandable to IT, finance, marketing, and leadership, the email security program is much easier to maintain.
What good looks like
A strong audit produces a living map of domains and senders that makes later DMARC enforcement less risky.
Where Lappu AI fits
Teams that want help turning these ideas into a working DMARC, DKIM, and SPF plan can review the email security work at Lappu AI.